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It may be unfashionable, but FRANK da CRUZ, an IT manager at rele 
University, says older code is “battle-proven, tested and secure. 


Legacy 


Whether it’s viewed as a reliable workhorse or an 
-—~ undocumented disaster, old code needs _ 
attention, reports Gary H. Anthes. Page 2 
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Wachovia ‘Turns to 
Outsourcing to Cut Costs 


Bank looks to trim spending on application support by 15% to 20% 





BY THOMAS HOFFMAN 
Wachovia Corp. is planning to 
outsource support for dozens 
of back-office applications to 
three global IT services ven- 
dors in a move that’s expected 
to help the nation’s fourth- 
largest bank reduce its 


application support costs ania 


by up to 20%. 

Jean Davis, head 
of operations, IT and 
e-commerce at the bank, 
declined to say what per- 
centage of Wachovia’s 2,600 
full-time and 500 to 750 con- 
tract programmers could be 
affected by the outsourcing 
deals. She did confirm, howev- 


er, that the deals “could impact | 


15% to 20%” of Wachovia’s an- 
nual application support costs. 
Bili Bradway, an analyst at 
| IDC’s Financial Insights divi- 
| sion in Framingham, Mass., 
| estimated that Wachovia could 
generate $40 million to $50 
million in annual cost 
savings if 450 of its 
full-time and contract 
programmers were 
displaced. 

Davis said the con- 
tracts are expected to 
be i in place by late August or 
early September. The bank’s 
latest outsourcing strategy has 
evolved since last year, when 
Wachovia Chairman and CEO 
G. Kennedy Thompson 


Broadband Decision Pleases 
Vendors, irks Some IT Pros 


Supreme Court says 
cable operators don’t 


have to share lines 


BY MATT HAMBLEN 
The Supreme Court’s ruling 
on broadband Internet access 
policies iast week won praise 
from network operators. But it 
was condemned by consumer 
groups as well as some busi- 
nesses that use broadband 
connections for remote and 
home office connections and 
for WAN backup links. 

“I don’t understand how the 
ruling could mean there will 
be more competition to foster 


| more growth of broadband,” 
said Jay Shell, a senior tele- 
communications specialist at a 
Michigan-based bank with 300 
branches and mortgage offices 
nationwide. Shell, who asked 
that the bank not be named, 
called the court’s decision “a 
wolf in sheep’s clothing” and 
predicted that the cost of 
broadband services “absolute- 
ly” will go higher. 

Broadband, page 37 


READ THE DECISION 


Go online to download the Supreme 
Court’s opinions on broadband access: 


OO rr cuterwortd.com 











directed the firm to begin 


| evaluating the offshore out- 
| sourcing approaches that oth- 
| er large U.S. financial institu- 


tions had taken, Davis said. 
As part of the evaluation, 

Wachovia last fall sent a dele- 

gation of IT, operations and 


| business leaders to India and 
| Costa Rica to meet with sever- 


al offshore services providers. 
“The starting point was 
Wachovia, page 13 


Antitrust Case 


Could Be Hard 
Sell for AMD 


| Intel suit has potential 
| tolower PC costs, but 
| proof may be elusive 


| BY PATRICK THIBODEAU 


IT managers can hope that 
Advanced Micro Devices Inc.’s 
antitrust lawsuit against Intel 
Corp. leads to lower PC 
prices. But the only thing they 
likely can count on is a long 
wait before the case reaches 
any kind of conclusion. 
Looking to break what it 
claims is Intel’s chokehold on 
the corporate PC market 
AMD last week said it will try 
to speed the case to a trial in 
U.S. District Court in Dela- 
ware within 18 months. Ana- 
lysts warned, though, that the 
charges will be hard to prove. 
AMD, page 37 
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In the Management section: IT Mentor 
David Putrich, a recently retired 3M 

IT manager, explains how to develop 
the careers of IT employees without 
breaking the bank. Page 32 
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Information sharing among 
U.S. government agencies is 
improving, but more is need- 
ed to help prevent future ter- 
rorist attacks, officials say. 


IBM releases autonomic 
computing technology to 
speed up IT troubleshooting. 


Major vendors drive develop- 
ment of a road map for using 
Web services in systems man- 
agement. 


Q&A: ChoicePoint CISO Rich 
Baich discusses the recent 
theft of data from his firm. 


The Payment Card Industry 
data security standard, backed 
by Visa and MasterCard, goes 
into effect amid concerns 
about compliance. 


Cisco is struggling to imple- 
ment a hosted CRM system 
from Salesforce.com, accord- 
ing to a research report. 


EDS is threatened with legal 
action by the U.K.’s tax agency. 


Global Dispatches: Microsoft 
joins forces with six Japanese 
universities to broaden and 

deepen its software research. 


Recent data compromises in 
India have renewed attention 
on offshore security practices. 


Q&A: The co-author of Out- 
sourcing America says he’s 
worried that U.S. political and 
business leaders are sitting 
on their hands as the country 
loses its next generation of 
potential entrepreneurs. 


> 22 Neither Rain Nor Sleet Nor 


. .. Hurricanes. A Florida 
berry supplier looks for a wav 
to ensure e-mail continuity 
during emergencies, like 
Hurricane Charley. 


24 Future Watch: Internet Pio- 


neer Looks Ahead. Leonard 
Kleinrock, who developed 
packet switching, envisions 
smart handhelds featuring 
haptic interfaces but warns 
of out-of-control complexity. 


: 25 Security Manager’s Journal: 


MANAGEMENT — 


Eyeing an Opening for Open- 
Source. CJ. Kelly is surprised 
when her boss takes an inter- 
est in exploring some open- 
source security options. 


: 27 Love That ‘Legacy.’ Legacy 


software is alive and well. 
Some companies still swear 
by their old systems, while 
others have found ways to 
offload their spaghetti code 
while still benefiting from it. 


: 30 Think Tank: Forrester Re- 


eeeeeeesesees 


Seer eeeeereeceseeecosese 


search says most corporate 
Web home pages are abysmal; 
and a book suggests it’s time 
to move beyond “business 
alignment” into “business- 
technology convergence.” 


33 Career Watch: The Veterans 


Affairs department’s CIO dis- 
cusses a program to hire dis- 
abled veterans. Plus, a study 
assesses the value of an MBA, 
and a humorist takes a wry 
look at the best vacation you 
never took. 


10 On the Mark: Mark Hall re- 
ports on a software vendor 
that thinks Web-based tech- 
nology provides a better way 
to poll oversurveyed IT and 
business execs about issues 
such as customer satisfaction. 


Don Tennant feels a lot of dis- 
gust about the Intel-AMD sit- 
uation, and it isn’t all directed 
at Intel. 


Bruce A. Stewart takes note 
of a CIO who’s hunkering 
down but has his eye on the 
bigger picture. 


Thornton A. May identifies 
the skills that next-generation 
IT leaders think they are go- 
ing to need. 


26 Douglas Schweitzer is happy 
that businesses and govern- 
ments are finally getting seri- 
ous about crimes against in- 
tellectual property. 


34 Paul Glen is often asked, 
“What should I do with use- 
less people?” First, he says, 
define useless. 


38 Frankly Speaking: Frank 
Hayes thinks most people 
missed how tech-savvy the 
Supreme Court sounded last 
week when it handed down its 
Grokster decision. 
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rights management systems allow compa- 
nies to protect critical content from unau- 
thorized users while distributing it to 
those who need to see it. Page 17 
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Seven Common Security Mistakes 
SECURITY: Despite highly publicized data 
leaks, many companies still make errors that 
introduce unnecessary risk. Find out what to 
watch out for. @ QuickLink 55136 


From Tapes to Bits: 
Digital Asset 


STORAGE: Public television station WGBH 
got a new archiiecture for its digital-asset 
management system by agreeing to trade- 
offs and concessions with Sun Microsystems 


and other vendors. @ QuickLink 55044 


Wireless on 

MOBILE/WIRELESS: With MIMO and WiMax 
standards on the way, Intel explains how 
“smart antenna” technology works and dis- 
cusses the role it could play in improving 
network performance. @ QuickLink 55325 


Pursuing IT-Business Alignment 
WEBCAST: Paul Higday, vice president of IT 
and program development at Owens & Mi- 
nor, discusses IT’s role in helping a company 
fulfill its current business vision and future 


business strategy. @ QuickLink a6320 
IT Blogwatch 
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Microsoft, IBM 
Settle Antitrust Suit 


Microsoft Corp. will pay IBM 
$775 million and give it another 
$75 million in credit under an an- 
titrust settlement reached by the 
two companies. The settlement 
resolves claims arising from the 
U.S. government's antitrust case 
against Microsoft, which found 
that IBM was hurt by Microsoft's 
anticompetitive practices. 

The settlement also resolves 
most other IBM antitrust claims, 
including those related to OS/2 
and the company’s SmartSuite 
products. IBM's claims of harm to 
its server hardware and server 
software businesses are not cov- 
ered by the settlement. IBM did 
agree not to make claims for 
server damages for two years and 
said that it won’t try to recover 
damages on server claims made 
before June 30, 2002. 


Prosecutors Revise 
Kumar Indictment 


Prosecutors have filed a super- 
seding indictment that includes 
more details about former CEO 
Sanjay Kumar’s alleged partic- 
ipation in the “35-day month” 
accounting fraud at Computer 
Associates International inc. 

A number of former CA officials, 
including the ousted chief finan- 
cial officer and general counsel, 
have pleaded guilty to charges re- 
lated to the fraud, which the com- 
pany has admitted. The revised 
indictment offers additional evi- 
dence against Kumar. 


Sun Agrees to 

Buy SeeBeyond 

Sun Microsystems inc. has agreed 
to buy SeeBeyond Technology 
Corp. for $387 million in cash in 
an effort to boost its business in- 
tegration software business. Sun 
also disclosed that it is likely to 
buy additional integration soft- 
ware vendors. Sun and See- 
Beyond claimed that there is little 
overlap between their respective 
product lines. The purchase is ex- 
pected to close this fall. 





NEWS 


ormation Sharing 
Key to US. Security 


Top gov't officials 
say IT can drive 
improvements 


BY GRANT GROSS 
NEW ORLEANS 
HE U.S. GOVERNMENT 
is getting better at 
sharing information 
among the various 
agencies that are responsible 
for protecting the nation 
against terrorism, but IT can 
help drive more improve- 
ments, top-ranking antiterror- 
ism officials said last week. 

Two federal officials told 
a crowd of about 450 that 
mostly included federal, state 
and local workers who deal 
with domestic security issues 
that the government has im- 
proved its information-sharing 
capabilities since the Sept. 11, 
2001, terrorist attacks. 

“We're not there yet. We’re 
getting there,” said Donna Bu- 
cella, director of the FBI’s Ter- 
rorist Screening Center. 

Bucella and Daniel Oster- 
gaard, executive director of the 
Homeland Security Advisory 
Council in the Department of 





Homeland Security (DHS), 
both touched on IT during 
speeches at the fourth annual 
Government Symposium on 
Information Sharing and 
Homeland Security here. 

Better sharing of informa- 
tion among government agen- 
cies is key to preventing future 
terrorist attacks on the U.S., 
Ostergaard said. “Either stop it 
before it happens, or you’re 
cleaning it up afterward,” he 
said. “I’m focused on stopping 
it before it happens.” 


Critical Protections 
Ostergaard cited Internet- 
based control systems for wa- 
ter treatment plants as an ex- 
ample of how IT systems can 
be used to better protect the 
so-called critical infrastruc- 
ture systems in the U.S. While 
workers in many water treat- 
ment plants can check the sta- 
tus of on/off valves with Web- 
based programs, more pieces 
of the critical infrastructure 


| need systems that can pin- 


point problems and quickly 

find work-arounds, he said. 
The government has deter- 

mined that the nation’s critical 


FBI Rolling Out Data Exchange Network 


NEW ORLEANS 


THE FBI plans to roll out a re- 

gional information-sharing net- 
work in the Seattle area on Aug. 
1, the second such network the 
bureau will put in place this year. 

The Seattle rollout of the Re- 
gional Data Exchange, or R-DEx, 
follows the launch of a similar 
network in the St. Louis area in 
February, said R. Scott Crabtree, 
section chief of the Field Intelli- 
gence Section at the FBI's Direc- 
torate of Intelligence. 

Crabtree detailed the R-DEx 
project and a sister national proj- 
ect called N-DEx at the fourth an- 
nual Government Symposium on 
Information Sharing and Home- 
land Security here last week. 


R-DEx allows federal, state 
and local law enforcement agen- 
cies to tie their irivestigative 
databases together, providing 
the same information to all law 
enforcement officers with access 
to the database, Crabtree said. 

In the St. Louis area, the FBI, 
the Illinois State Police, the Mis- 
souri State Highway Patrol, the 
St. Louis Metropolitan Police, the 
St. Louis County Police and the 
St. Clair County Sheriff's Depart- 
ment can share information, the 
FBI said. The R-DEx and N-DEx 
programs stem from an August 
2004 presidential order calling 
for improved cooperation be- 
tween federal law enforcement 
and domestic security agencies 





4 We need a 
system that’s 
self-aware, resilient, 
self-restorative and 
protects the critical 
infrastructure. 


Seeeecesesesere eeereseseeeseece 


DANIEL OSTERGAARD, 
EXECUTIVE DIRECTOR, HOMELAND 
SECURITY ADVISORY COUNCIL 


infrastructure has 17 compo- 
nents, including the electrical 
grid, the food supply chain and 
the water supply. Ostergaard 
advocated more use of auto- 
mated systems to protect them. 

“We need a system that’s 
self-aware, resilient, self- 
restorative and protects the 
critical infrastructure,” he said. 
“If something does happen, it 
has to be self-restorative.” 

Bucella expressed concern 
about the small $29 million 
IT budget for the Terrorist 
Screening Center. “I didn’t 
realize, and I don’t think any- 
body realized when we got 
into this, how much the IT de- 
velopment costs,” she said. 

In addition to some aging 


and state and local police. 

R-DEx and N-DEx are built on 
aversion of XML, which ensures 
that multiple organizations can 
participate, Crabtree said. 

In addition, he said, the sys- 
tems are built with commercial, 
off-the-shelf software. An FBI 
spokeswoman couldn't provide 
details on the software. Crabtree 
said the packages allow investi- 
gators to retrieve text and map- 
based information. 

Using commercial software 
will allow the FBI to later replace 
the installed packages with com- 
peting products that may offer 
better features, and it lets region- 
al groups copy the FBI's work for 
a minimal cost, Crabtree said. 

R-DEx allows law enforcement 
agents to search across partici- 
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| critical infrastructure, the 


DHS faces a number of other 
challenges in sharing informa- 
tion, Ostergaard said. 

As government agencies try 
to move away from tightly 
guarding information, it’s now 
possible that they will share 
too much information and 
flood local police and other 
public safety workers with too 
much data, Ostergaard said. 

The Terrorist Screening 
Center must maintain up-to- 
date terrorist watch lists and 
provide those lists to law en- 
forcement agencies, border 
guards and transportation se- 
curity agents. Since 2001, the 
center has had to pull together 
12 different government data- 
bases, many of which listed 
common criminals as well as 
terrorism suspects, into a 
comprehensive watch list that 
can provide police officers 
with real-time data about a 
subject, such as someone 
pulled over in a traffic stop. 

The center is looking at 
commercial, off-the-shelf soft- 
ware to meet many of its IT 
needs and is working on de- 
veloping software to share 
with other agencies, Bucella 
said. “Wouldn’t it be great if 
we could all use the same sys- 
tem?” she said. “That’s really 
it: connectivity.” @ 55317 


Gross is a reporter for the 
IDG News Service. 


pating databases for investigative 
information. For example, a feder- 
al agent who suspects that an at- 
tack on a chemical plant is possi- 
ble could search several databas- 
es to find past suspects who live 

close to the plant, Crabtree said. 

R-DEx includes a Web-based 
interface that lets law officers log 
in and search using a “Google- 
like” interface, he said. 

The FBI plans to roll out 12 to 18 
regional data-exchange systems in 
pilot programs in coming months, 
according to Crabtree. It also plans 
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IBM Adds Autonomic Tools 
To Speed Up Error Detection 


Automating analysis of system logs 
reduces IT troubleshooting, users say 





BY PATRICK THIBODEAU 
IBM last week released auto- 
nomic computing technology 
that’s designed to automate 
the process of searching 
through error logs to deter- 
mine why a system has failed. 
Two users who are testing 
the multivendor offering said 
the promised ability to quickly 
analyze multiple system. ‘s 
and identify failure points is 
no small thing. Done manual- 
ly, that work is laborious and 
eats up IT staff time, they said. 
Steve Peltzman, CIO at the 
Museum of Modern Art in 
New York, described the auto- 
nomic tools as a “retrofit” to 
his existing IBM-based Web 
commerce systems frame- 
work. “It’s doing a mundane 





task intelligently — it’s like a 
robot that uses a vacuum 
cleaner,” Peltzman said. 

IBM embraced the concept 
of autonomic computing in 
2001 with the goal of creating 
systems that can manage 
themselves, take corrective ac- 
tions and even respond to se- 
curity threats. Other vendors 
are also pursuing the technol- 
ogy, but it’s still nascent. 


Development Imperative 
Peter Stone, a professor of 
computer science at the Uni- 
versity of Texas at Austin, was 
one of the speakers at the sec- 
ond International Conference 
on Autonomic Computing last 
month in Seattle. Stone said 
last week that autonomic com- 


| 
| 





puting will develop gradually 
and that initial efforts will be 
along the lines of the add-on 

capabilities that IBM is build- 


ing for existing systems. 


But creating systems that 
can configure, manage, diag- 
nose and heal themselves “just 
has to happen,” Stone said. “As 
systems are becoming more 
complex, the amount of time 
and money spent on system 
administration is just going 
through the roof. That can’t 
continue.” 

IBM’s error-log analyzer, 
which is being offered through 
its services unit, supports the 
Web Services Distributed 
Management standard, which 
was recently ratified by the 
Organization for the Advance- 
ment of Structured Informa- 
tion Standards. IBM has been 
driving the development of 
WSDM along with Hewlett- 





| 
MORE FROM IBM 


—a_s 
itive, IBM also: 
@ Introduced a service for 
speeding up SAP deployments 
and improving system utilization 


rates and resource sharing be- 
tween SAP applications. 


|  @ Upgraded an online auto- 
nomic computing tool kit for 
developers by adding wider 
Java support and new software 
that enables self-management 
on larger applications. 


Packard Co. and Computer 
Associates International Inc. 
(see related story below). 
Dave Bartlett, vice president 
of autonomic computing at 
IBM, said the company has 
built adapters that can parse 
log files into the WSDM for- 
mat for a variety of servers, 
storage devices and other 
equipment from top vendors. 
Thomson SA's Camarillo, 
Calif.-based Technicolor divi- 
sion is testing IBM’s Accelera- 
tor for Service Management 
| for Problem Determination 





Vendors Team Up on Systems Management Road Map 


HP. IBM, CA see 
simplified process 
built around Web 
services, new tools 


BY MATT HAMBLEN 
At a grid computing conference 
in Chicago last week, Hewlett- 
Packard Co., IBM and Com- 
puter Associates International 
Inc. presented a jointly writ- 
ten road map for delivering IT 
resource management features 
based on Web services. 

The road map outlines the 
progress made on various 
standards dating back to 1999, 
and it describes emerging 
Web services specifications 
that are expected to lead to 
the development of new man- 
agement tools over the next 
three years, said William Vam- 
benepe, a management soft- 
ware technologist at HP. 

Vambenepe was one of five 
authors of the 21-page report, 





which is dated June 2 but 
made its first public appear- 
ance last week. The document 
details a common technology 
approach that’s designed to 
simplify the process of manag- 
ing existing systems and IT in- 
stallations based on service- 
oriented architectures (SOA). 

IT tasks that will have to be 
taken into account as part of 
advanced systems manage- 
ment scenarios include provi- 
sioning, policy-based manage- 
ment, unified resource discov- 
ery, resource virtualization 
and utility computing, accord- 
ing to the road map. 


WSDM Evolving 

CA, IBM and HP also are 
driving the development of 
Web Services Distributed 
Management, one of the new 
standards mentioned in the 
road map. Software based on 
WSDM was run on a Black- 
Berry handheld as part of a 
demonstration at last week’s 








FUN RO Cee 
seven SOA consulting ser- 
vices and the opening of 
four centers in the U.S.. 
eMac Ulmeee le mee Toe Ug) 
that will help users build 
and manage SOAs. 
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SOAs for customers free 
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Rational tools and help 
them with training, plan- 
ning and marketing. 


event, Global Grid Forum 14. 

Microsoft Corp. is building 
a similar specification with 
help from other vendors. 
“Technically, Microsoft is not 
very far from where we’re go- 
ing,” Vambenepe said. “We 
don’t expect one model. There 
are lots of models.” 


WSDM, which in March was 
approved by the Organization 
for the Advancement of Struc- 
tured Information Standards 
in Billerica, Mass., defines a 
basic set of manageability fea- 
tures for tasks such as identi- 
fying IT resources and the re- 
lationships between pieces of 
equipment. 

In a statement, Microsoft 
said the Web Services Man- 
agement specification it’s co- 
authoring with Dell Inc., Intel 
Corp. and other vendors is be- 
ing designed to work on small, 
resource-constrained devices 
in addition to larger systems. 

But last week’s BlackBerry 
demonstration proved that 
WSDM code can work ona 
small device, according to 
Vambenepe. “WSDM has no 
problems scaling down,” he 
said, adding that the BlackBer- 
ry demo code was created by 
IBM. HP has written its own 
code for its iPaq handhelds. 

Jason Bloomberg, an analyst 








technology on its digital asset 
management system. When 
system errors occur, the mes- 


| sages that get generated are 


often ambiguous, said Carey 
Capaldi, who manages the 
Technicolor system. 

The autonomic tool ties all 
the logs together, which lets 


| Capaldi see the relationships 
| between system technologies 
| and pinpoint where problems 


occurred. Using the tool has 
increased system trouble- 
shooting speeds by 20% to 
40%, he said. 

Capaldi said the next phase 


| in the months ahead is for 
| IBM to try to couple the log 
| analysis features with self- 


healing capabilities that, for 


| instance, could automatically 


restart a server in a way that 
works in concert with storage 
devices and other equipment 
That would, for example, en- 
able overnight processing jobs 
that are stopped by a system 
failure to resume running au- 
tomatically instead of waiting 
for manual repairs that might 
not be done until the morning, 
he noted. @ 55350 


| at ZapThink LLC in Waltham, 


Mass., said the road map helps 
demonstrate that progress is 
being made on technology for 
Web services and SOAs. “In 
general, all the vendors realize 
they have to play along with 
interoperability,” Bloomberg 
said. “Politics still could get 

in the way. But customers get 
upset with vendors that don’t 
interoperate.” 

He added that although 
management tools supporting 
some of the upcoming stan- 
dards should emerge within 
three years, they “will defi- 
nitely be early-adopter prod- 
ucts.” @ 55349 
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Correction 
IN LAST WEEK'S special report 
on the 100 Best Places to Work 
in IT for 2008, the listing of 

1 referred 
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Cisco Buys Security 
Software Maker 


Cisco Systems Inc. has agreed to 
pay $30 million for start-up Net- 
Sift Inc., a maker of deep packet 
processing technology that’s de- 
signed to detect network attacks 
as they happen. Founded in June 
2004, NetSift employs 15 people. 
Cisco will fold NetSift into its In- 
ternet systems business unit. 


CA to Add Acquired 
Firewall to eTrust 


Computer Associates International 
Inc. said it has acquired Tiny Soft- 
ware Inc. and will add Tiny’s fire- 
wall software to its eTrust security 
portfolio. Tiny’s staff of fewer than 
20 people has joined CA. The 
company plans to use Tiny’s fire- 
wall technology in its Integrated 
Threat Management platform, 
which is due to be unveiled later 
this year. Financial terms of the 
deal weren't disclosed. 


Oracle 04 Revenue 
Grows by 26% 


Oracle Corp. reported a big jump 
in revenue for its fourth quarter 
that was driven by its merger with 
PeopleSoft and strong sales in all 
product categories. Oracle would 
not break out specific results from 
the PeopleSoft business. 
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Hacker Breaches 
UConn Server 


The University of Connecticut said 
a server with personal data on 
72,000 students, faculty and staff 
was breached last month. The 
server contained personal infor- 
mation, including names, Social 
Security numbers and campus ad- 
dresses. The breach was discov- 
ered after ‘'Conn’s IT department 
was notified by a nonuniversity 
corporation that an invalid log-on 
attempt had originated from a 
UConn computer. 
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Tech Alone Can't Stop Security 
Breaches, Says ChoicePoint CISO 


Responding to criticism in wake of Feb. 
incident, Baich says issue transcends IT 





BY JAIKUMAR VIJAYAN 

A massive data compromise at 
ChoicePoint Inc. earlier this 
year has made the Alpharetta, 
Ga.-based data aggre- 
gator a target for those 
calling for tougher 
data-protection laws 
[QuickLink 52719]. In 

an interview with Com- 
puterworld, Rich Baich, 
ChoicePoint’s chief in- 
formation security offi- 

cer, talked about the 
breach, the measures that 
have been put in place since 
then and the inherent lessons 
for other CISOs. 


You have in the past said that 
what happened at ChoicePoint 
was not really a security breach. 
Then what was it? It all comes 
down to how you define a 
breach and how you define 
an incident. This was fraud. 


| Someone fraudulently provid- 


ed authentication to the sys- 
tem. It’s no different than 
credit card theft and credit 
card fraud. Those are never 
referenced as IT-related is- 
sues, though they happen mil- 
lions of times every year. 
People are trying to point to a 
person, when we really need 
to be looking at things as an 
industry. 


But wouldn't better IT controls 
have helped? Sure. As an indus- 
try, I think we have gotten bet- 
ter with our fraud analytics 
tools. There’s technology that 
can do geographic IP loca- 
tions. There is some technol- 
ogy that can help mitigate the 
risk — not stop it. 


So are you doing anything differ- 
ently now? Yes. We are looking 
at our entire credentialing 
process, the entire business 
process and how it’s being 
done. We are looking at 
putting additional technolo- 


Q&A 


| gies in place and [at] the way 
| we do business with others. 


| What's the take-away from that 
whole incident? What's 
your advice for CISOs? If 
you are going to have 
this role at a time when 
there is really no firm 
guidance, make sure you 
have selected a model 
to implement. If you 
have selected a model 
and you are implement- 
| ing a program around that 
model, you can be successful. 


Why are we hearing about so 
many major data compromises 
these days? What’s happening? 
In general, more organizations 
are reporting it. But I also 
think the processes and the 
technologies have matured so 


Some merchants 
are concerned 
about compliance 


BY JAIKUMAR VIJAYAN 
A data security standard for 
all merchants handling credit 
card data went into effect last 
week amid concerns over po- 
tential implementation and 
compliance validation snags. 
Analysts said many of the 
banks and merchants that must 
adhere to the Payment Card 
Industry (PCI) standard, 
backed by MasterCard Interna- 
tional Inc. and Visa U.S.A. Inc., 
lack the resources and capa- 
bilities to meet its provisions. 
In addition, many mer- 
chants remain unsure of what 
they must do to meet the 
standard, which was created 
jointly by several credit card 
associations. And many of 
the so-called acquiring banks, 











that they are now realizing it. 
You have to remember, an in- 
cident is an incident only if it’s 
reported. So, as frightening as 
it is, there is also a positive 


| end to it because at least the 


people are catching it. 


Will the concern generated by the 
recent spate of data compromis- 
es inevitabiy result in more man- 
dated controls? When people 
want to put controls in place, 
it may be difficult, because 
what controls do you put for 
what kind of information? The 
incidents have caused a new 
focus within many organiza- 
tions, and I think in the long 
run, that itself will help miti- 
gate future risk. 


Are companies looking at compli- 
ance requirements more as a 
baseline set of controls they have 
to meet from a security stand- 
point, or as the ceiling? I think 
every company is always 


which decide whether specific 
merchants are eligible to ac- 
cept credit cards, often lack 
the expertise to ensure mer- 
chant compliance with PCI, 
analysts said. 


Merger of Programs 

The standard unifies two 
previously separate sets of re- 
quirements: Visa’s Cardholder 
Information Security Program 
and MasterCard’s Site Data 
Protection Program. 

Under PCI, all companies 
that accept credit cards must 
comply with 12 security-related 
requirements that call for, 
among other things, encrypted 
transmission of cardholder 
data, periodic network scans, 
logical and physical access 
controls, and activity monitor- 
ing and logging. 

The acquiring banks face 
fines of up to $500,000 per 
incident if credit card data is 





evolving to be stronger in 
their own maturity model 
when it comes to security. We 
have tried to stay ahead of the 
curve. But the toughest part 
about legislation right now is 
you don’t know where it’s 
coming from and you don’t 
know what to expect. 


You just released a book on what it 
takes to win as a CISO. So, what 
does it take to be successful? 
Winning is about getting a seat 
at the boardroom table and 
becoming a true member of 
the senior executive team. It’s 
when you are able to intertwine 
security into every business 
aspect. It’s about leaning more 
toward risk rather than talking 
about security. @ 55320 


READ MORE ONLINE 


Visit our Web site to read an extended 
version of our interview with Baich: 


QuickLink 55247 
www.computerworld.com 


New Credit Card Security Rule Takes Effect 


found to be compromised. 

While analysts agree that 
the PCI standard incorporates 
some sound security prac- 
tices, the credit card industry 
must quickly address its prob- 
lems. For example, for most 
merchants, compliance is 
based on self-assessments 
rather than on third-party au- 
dits, said Ivan Remsik, an ana- 
lyst at Cambridge, Mass.- 
based Forrester Research Inc. 

Only the largest merchants 
— those processing more than 
6 million MasterCard or Visa 
transactions annually — must 
submit to costly PCI compli- 
ance audits, Remsik said. 

“Security is not something 
that can be assessed in 20 to 30 
minutes with a self-assessment 
questionnaire. It would be 
very difficult to determine 
whether a merchant is telling 
the truth” without more con- 
trols, he said. 
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Salesforce.com CRM Rollout at Cisco Said to Slow 


Research firm: 
Project is 9 months 
behind schedule 


BY MARC L. SONGINI 

What once looked to be a mar- 
quee deployment of hosted 
CRM software at Cisco Sys- 
tems Inc. is now the subject of 
a damning report from an eq- 
uities research firm that says 
the project has stalled. 

In a note published on June 
22, analysts from JMP Securi- 
ties LLC said that a deploy- 
ment of hosted CRM software 
from San Francisco-based 
Salesforce.com Inc. had been 
delayed. 

Salesforce.com signed a 
deal with Cisco during the 
second half of 2004 that called 
for an initial rollout of up to 
2,000 seats and a later installa- 
tion of as many as 10,000 seats 
by this June, according to San 
Francisco-based JMP. 

End-user resistance and in- 
tegration challenges forced 
the deal to be renegotiated so 
that the rollout is staggered. 





An even bigger issue is that 
most acquiring banks lack 
the expertise to monitor com- 
pliance with PCI, said Avivah 
Litan, an analyst at Gartner 
Inc. in Stamford, Conn. 

“There are some really good 
security principles in PCI,” 
she said. “The problem is that 
acquiring banks are in way 
over their heads when it 
comes to implementation.” 

Credit card associations like 
MasterCard and Visa have 
also been vague on several as- 
pects of the standard, Litan 
said. For instance, there are no 
clear directives on how and 
when penalties will be as- 
sessed, she said. 

“There are so many ques- 
tions that our clients want 
answered, but there’s no one 
to answer them,” Litan said. 
“You just can’t plunk down a 
security standard and simply 
walk away.” 

MasterCard and Visa did 
not respond to requests for 
comment. @ 55351 





Completion is now set for 
March 2006, the report said. 

Salesforce.com confirmed 
that Cisco is a customer but de- 
clined to comment on the size 
or status of the implementation. 
Cisco also declined to com- 
ment, citing a policy of not talk- 
ing about vendor relationships. 

Some analysts said the re- 
port calls into question Sales- 
force.com’s ability to handle 
large implementations. 

So far, according to JMP, 
only 1,000 seats are running 
the software, and Cisco is due 
to review the deployment. 

‘The JMP analysts said “due 
diligence” in their research 
found that Cisco users have 


| been slow to embrace the sys- 


tem because it doesn’t support 
tools that handle tasks such as 
territory management, ad- 
vanced account hierarchies 
and forecasting. 

Cisco IT staffers are strug- 
gling to link the Salesforce.- 





com software with those tools 
and are questioning the wis- 
dom of relying on so heavily 
customized a hosted applica- 
tion, the report said. 

Cisco is also coping with 
unexpected change manage- 
ment and training issues, 
forcing the company to throw 
more resources at the project. 

“Last,” said the note, “we be- 
lieve that [Cisco] executive 
support for the Salesforce.com 
service may be waning due to 


| some changes in the business 


operations leadership as well 
as a sense among the sales 
leadership that it’s not worth 
rocking the sales operations 
for a new software vendor.” 
Salesforce.com declined to 
comment on any details of the 
report, but it issued a state- 
ment that said, “Salesforce.- 
com has consistently been 
ranked at the top of the class 
as it relates to customer satis- 
faction, and we'll continue to 


U.K. Tax Agency Mulls 
Lawsuit Against EDS 


BY MARC L. SONGINI 
A U.K. government agency has 
threatened Electronic Data 
Systems Corp. with legal action 
to recoup some of the monies 
lost as a result of a troubled 
tax credit management soft- 
ware system. 

Her Majesty’s Revenue & 
Customs (HMRC) department 
is threatening a lawsuit to re- 
cover part of an estimated 
$3.5 billion in overpayments to 
taxpayers that were caused in 
part by technical glitches in a 
credit system designed and 
implemented by EDS under a 
contract with the agency. 

The system was built to 
guarantee that accurate cred- 
its were awarded to families 
who have children or were be- 
low certain income levels. 

HMRC declined to disclose 
EDS’s specific role in building 
or supporting the system, or the 
amount it would seek to recov- 
er, citing the pending litigation. 





By far, most of the overpay- 
ments were the result of pro- 
cedural errors, according to the 
agency. The remaining over- 
payments, which the agency is 
seeking to recover from EDS, 
were the result of processing 
and technical glitches. The 
amount of those particular 
overpayments wasn’t disclosed. 

Overall, the agency has said 
that so far about $90 million has 
been deemed unrecoverable. 

Plano, Texas-based EDS 


| implemented the system, but 


& 4 Court pro- 
ceedings will 

begin if and when 

those discussions 

[with EDS] do 

not satisfactorily 

resolve the dispute. 


HMRC STATEMENT 





work hard with Cisco and all 
of our other customers to en- 


| sure that remains the case.” 


Rebecca Wettemann, an an- 
alyst at Nucleus Research Inc. 
in Wellesley, Mass., raised 
questions about the hosted 
software’s ability to support 


| deployments of more than 


2,000 seats. “There’s nothing 
wrong with the platform, but 


KEY ISSUES 


SY Iss (0) GMO) ITT 
Problems at Cisco 


Users have been slow to 
adopt the system. 
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problems for Cisco IT per- 
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Problems are causing users 
to revert to old CRM system. 


after its support contract ex- 
pired in June 2004, EDS rival 
Capgemini was hired by 
HMRC to take over. 

“HMRC now has a new IT 


| partner, the system is working 


well, and discussions are on- 
going with EDS about com- 


| pensation for past failures,” 


the agency said in a statement. 
“Court proceedings will begin 
if and when those discussions 
do not satisfactorily resolve 
the dispute.” 


Performance Problems 
Citing potential litigation, 
HMRC representatives de- 
clined to go into the specifics 
of the system or the technical 
problems involved. 

A July 2003 House of Com- 
mons Treasury Committee re- 
port, however, said the EDS- 
built credit processing system 
suffered performance problems 
as it took feeds from other sys- 
tems. In addition, the commit- 
tee report said that the IT staff 
found response times to be in- 
ordinately slow, which caused 
the system to be brought 


| down several times a day. 


A U.K.-based EDS spokes- 


| it’s not proven that it’s a CRM 
solution that scales,” she said. 

In a report last month based 
on a survey of 29 Salesforce.- 
| com customers, Wettemann 
indicated that the larger com- 
panies using the software typi- 
cally do so on a divisional lev- 
el with deployments that don’t 
| exceed 1,000 seats. 

Salesforce.com, however, 
claims that it has had a number 
of successful large deployments 
at major companies, such as 
the one at Corporate Express 
| Inc., a Broomfield, Colo.-based 
provider of office and comput- 
er products and services. 

“We have had no issues with 
scalability in our environment, 
as evidenced by the rapid roll- 
out of our first 2,500 users 
over the last year,” said Mark 
Newhall, vice president for 
customer care and quality sys- 
tems at Corporate Express, in 
an e-mail message. 

Corporate Express uses a 
customized version of Sales- 
force.com to support sales and 


| collaboration efforts. @ 55346 





| man declined to comment on 
| any specifics of the situation. 
| “These discussions continue, 
| and we're putting our best re- 
sources on them with the aim 
of making sure we get to the 
| point where there is an agree- 
| ment that’s mutually accept- 
| able around the tax credits 
| issue,” he said. 
EDS’s reputation could be 
| harmed if the agency proceeds 
| with the lawsuit, said John 
| O’Brien, an analyst at London- 
based research firm Ovum 
Ltd. Ina . te published on 
| June 21, he _ sid EDS has been 
| rebuilding its reputation in the 
| U.K. public sector since losing 
| the tax agency’s contract to 
| Capgemini last year. 
The company got a big 
| boost in rehabilitating its im- 
| age when it won a $77 billion 
| IT services revamp contract 
with the U.K. Ministry of De- 
fence last March [QuickLink 
| 52897]. 
However, O’Brien noted 
| that “this ghost of EDS’s past 
| just won’t go away” and that 
the company must be careful 
about how it handles the situa- 
tion. @ 55330 
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SAP Extends Oracle 
Migration Plan 


In a move to attract more cus- 


tomers from Oracle Corp., SAP AG | 


is extending its Safe Passage mi- 
gration program to include small 
and midsize enterprises world- 
wide. SAP and its mySAP All-in- 
One channel partners will provide 
companies running PeopleSoft 
and J.D. Edwards software a mi- 


gration path to nearly 600 mySAP | 


All-in-One applications. 


Corel Names Former | 


IBM Executive CEO 


Corel Corp. has named former IBM 
executive David Dobson its CEO. 
He replaces Amish Mehta, who 
takes over as chairman. Mehta be- 
came interim CEO in August 2003, 
when Corel was acquired by Vec- 
tor Capital Corp. Dobson held sev- 
eral posts in his 20 years at IBM, 
most recently corporate vice presi- 
dent in charge of strategy. 


Judge Lets SCO 
Lawsuit Proceed 

The SCO Group Inc.'s slander law- 
suit against Novell Inc. is now set 
to enter the discovery phase after 
the judge in the bitter battle denied 
a second Novell motion to dismiss 
the case. SCO filed the suit in Jan- 
uary 2004, arguing that it owns 
the rights to the Unix and Unix- 
Ware copyrights. SCO is seeking 
damages from what it says are 
Novell's false claims about owning 
the Unix source code. 


Accenture Wins 
Army Contract 


The U.S. Army has awarded Ac- 
centure Ltd. a 10-year, $537 mil- 
lion contract to build and support 
new financial systems that will 
allow the Army to better track its 
income and spending. The Army's 
Program Executive Office for En- 
terprise Information Systems said 
Accenture was selected over four 
unnamed vendors to build the ser- 
vice’s new General Fund Enter- 
prise Business System. 
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Harried IT Execs Are 
Being Hounded by... 


... pollsters who desperately want to pick their brains. 
“After doctors, IT guys are the most surveyed guys 
in the country,” observes Jeff Henning, chief operat- 
ing officer at Perseus Development Corp. in Brain- 
tree, Mass. Your popularity among researchers often 


makes you 
reluctant to 
answer their 
endless 
queries, he 
says. The 
longtime 
market re- 
search expert 
claims that 
it’s even 
worse in 
England, 
where he recalls having to 
bribe IT managers “with 40- 
year-old bottles of scotch” to 
get them to complete re- 
search studies. While dusty 
jugs of pricey booze may get 
your attention, handing them 
out isn’t cost-effective for the 
researchers. Still, question 
you they must, argues Hen- 
ning, “because [businesses] 
don’t have the deep relation- 
ships with individual cus- 
tomers that [they] once did.” 
To help companies survey 
customers about satisfaction 
levels or future needs with- 
out abusing their precious 
time, Perseus sells Web-based 
software that centrally man- 


HENNING 
CU ee Le 
tired of 
surveys. 





ages the entire research 
process. The company’s Sur- 
veySolutions/EFM 1.4 up- 
grade ships next week with 
improved trend-data report- 
ing, added question libraries 
and a host of other updated 
features. Pricing starts at 


| $40,000. 


Dump road warriors’ 
docking stations... 
... and replace them with USB 
port replicators. Matthew 


| Chang, marketing manager at 


Addlogix Inc. in Irvine, Calif., 
boasts that his company’s 
UnixXpress device needs only 
a single USB connection to a 
laptop PC to handle signals 
from your monitor, keyboard, 
mouse, LAN, printer, speak- 
ers and more. And you can at- 
tach a second monitor to the 
$179 unit and use it with your 
laptop’s screen to create a 
single display. Chang says 
Addiogix is working on so- 
called IP-KVM technology 
that lets you use a PC across 
the Internet as if it were local. 
That should be ready in Sep- 
tember, he says. 





Free is good, 

especially if... 

... it’s for something useful. And 
Rosie Hausler, vice president 
of marketing at Nsite Inc. in 
Pleasanton, Calif., believes 
you'll think her company’s of- 
fer of free access for 100 users 
to its Nsite Starter Edition is 
very practical, indeed. The 
online service gives you tools 
to manage IT service re- 
quests, work- 
ers’ time off, 
employee sta- 
tus changes, 
travel autho- 
rization and 
staff perfor- 
mance re- 
views. Hauser 
contends that 
once you get 
hooked on the Starter Edi- 
tion, you'll be back for more, 
including Nsite’s flagship 
CRM tools, which cost $20 
per user on a monthly basis. 
This fall, she says, the compa- 
ny will add self-service tools 
for creating business process 
automation applications us- 
ing Nsite’s predictive routing 
engine. The idea is to help 
automate enterprise-to-enter- 
prise activities, using busi- 
ness rules defined by your 
business analysts. The best 
news is that users of the ser- 
vice won't have to bother IT, 
Hausler claims. “There’s no 
codiny,” she says. “It’s all 
drag-and-drop.” 


HAUSLER is 
OU Rend 
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Sharpen security 

on the edge of. . . 

... the corporate network by “en- 
capsulating” all corporate data on 
mobile devices. That’s the theo- 
ry behind Trust Enterprise 
Secure (TES) 5.0, which is 
due to ship late this month 
from McLean, Va.-based 
Trust Digital Inc. CEO Nick 
Magliato says the software 
encrypts your applications 
and their data “into a corpo- 
rate capsule” on a mobile de- 
vice. He notes that knowledge 
workers come to work armed 
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with handhelds, thumb drives, 
iPods and all manner of gad- 
gets, some of which actually 
heip them do their jobs but 


| all of which can carry sensi- 


tive company info. TES can 
secure the data, identify de- 
vices that are trying to access 
your network and give you 
the power to refuse them ac- 
cess. For example, Magliato 
claims that the software will 
let you set a policy dictating 
that only Palm handhelds are 
acceptable or that no USB de- 
vices can connect to a given 
LAN segment. The TES serv- 
er software costs $20,000, and 
client licenses start at $100 
per employee. 


Computer porn 
probiem persists . . . 

... inside the Fortune 500. Ac- 
cording to a survey conduct- 
ed in May by Atlanta-based 
Delta Consulting, half of 

the 50 executives who were 
polled said their companies 
have had incidents in which 
employees were disciplined 
for maintaining pornographic 
images on their computers 
(QuickLink a6330]. That’s 
why Jack Sunderlage argues 
that IT needs to protect its 


employees 
ua 


from the 
rude, crude 

eee lt ee | 
UR Me lace 


and possibly 

illegal im- 

eee ne with porn on 
lating in the Teint 
workplace. MT RU 
Naturally, Chartered 
the CEO of Sica 
Content- Personnel and 
Watch Inc. Tate s 
in Salt Lake 

City wants you to choose 
ContentProtect 2.0 when it 
ships this month. The $40- 
per-seat client software pre- 
vents prurient end users from 
reaching places deemed to be 
porn sites by ContentProtect. 
Sunderlage claims the up- 
grade is 400% faster than the 
current Version 1.8 and in- 
cludes improved mass-de- 
ployment tools. @ 55303 
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Microsoft Taps Japan 
For Software Research 


TOKYO 
ICROSOFT CORP. is teaming with 
Mi six elite Japanese universities in 
a bid to expand its software re- 
search, Bill Gates, the company’s chair- 
man and chief software architect, said 
at a news conference here last week. 

The Microsoft Institute for Japanese 
Academic Research Collaboration, 
which opened July 1, will develop nat- 
ural-language and speech recognition 
software as well as advanced user 
interfaces. 

“Software today is very simple com- 
pared to what it will become in the fu- 
ture,” Gates said. Voice 
recognition, visual 
recognition and artifi- 
cial intelligence systems 
“are still just a dream,” 
he noted, adding that 
companies such as Xe- 
rox Corp. have failed to 
turn their research in- 
vestments into com- 
mercial products. 

“We want to change 
that and keep a strong 
relationship between 


PAUL KALLENDER/IDG NEWS SERVICE 


GATES wants strong ties between 
geen tet Rect 0m 


products and research,” he said. 
Microsoft will give the institute’s 

| researchers its latest software and set 

up fellowships and scholarships to pro- 

mote the research, Gates said. He de- 

| clined to say how much Microsoft is 

investing in the venture. 

mw PAUL KALLENDER, IDG NEWS SERVICE 


Tria! of Sasser Suspect 
Begins This Week 


DOSSELDORF, GERMANY 
HE TRIAL OF 19-year-old Sven 
Tee accused of creating and 
releasing the Sasser worm respon- 

sible for crashing hundreds of thou- 
sands of computers worldwide in May 
2004, begins this week 
in Verden, Germany. 

The student from 
Waffensen, Germany, 
was arrested in May of 
last year and indicted 
in September. Jaschan 
has been charged with 
computer sabotage, 
data manipulation and 
disruption of public 
systems. In Germany, 
computer sabotage car- 
ries a maximum sen- 








tence of five years in prison. 

The Sasser worm, which spread 
quickly via the Internet, exploited a 
hole in Windows [QuickLink 49318]. 
In the U.S., for example, Sasser hit 
unpatched desktop systems at Ameri- 
can Express Co. and Boston College 
[QuickLink 46662]. 

German prosecutors have chosen as 
plaintiffs three of the country’s city 
governments and a broadcaster whose 
systems were disrupted by Sasser. 
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india Distributes Free 
Software to Citizenry 


BANGALORE, INDIA 
HE GOVERNMENT Of India plans to 
Tree CDs of free desktop soft- 
ware in 22 local languages to all 
of its citizens in hopes of broadening 
computer use in the country, especially 
in rural areas. 

India’s Centre for Development of 
Advanced Computing, a Pune-based 
government organization, is already 
distributing CDs with open-source 
software in Tamil and Hindi, and it 
plans to release a Punjabi-language ver- 
sion this summer, staff scientist R.KVS. 
Raman said last week. The CD includes 
a Web browser, an e-mail client and 
word processing software. @ 55302 
mw JOHN RIBEIRO, IDG NEWS SERVICE 
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Briefly Noted 


The U.K. Office for National Sta- 
tistics has incorporated data visu- 
alization software from Corda Tech- 
nologies inc. in its new Neighbour- 
hood Statistics Web site, the Lin- 
don, Utah-based vendor announced 
last week. Corda’s PopChart soft- 
ware lets visitors use interactive 
charts and graphs to view govern- 
ment data at the local level. 


Yamagata Bank Ltd., a regional 
bank based in Tokyo, has selected 
predictive analytics software from 
SPSS Inc. to improve its housing 
credit operations. Chicago-based 
SPSS said last week that the bank 
plans to develop a credit scoring 


Companhia Vale do Rio Doce 
(CVRD), the largest mining compa- 
ny in South America, has awarded 
Quadrem international Ltd. a five- 
year contract for e-procurement 
services, the Plano, Texas-based 
vendor said last week. CVRD, based 
in Rio de Janeiro, expects to elec- 
tronically purchase 100% of the 
materials and services it uses by 
the end of next year. 





Alleged Data Theft in India 
Puts Spotlight on Security 


BY JAIKUMAR VIJAYAN 
Recent data compromises in- 
volving outsourcing vendors 
in India are focusing renewed 
attention on offshore security 
and privacy safeguards. But so 
far, at least, they haven’t re- 
sulted in any calls for addi- 
tional controls from U.S. 
clients, according to execu- 
tives at several Indian firms. 
The most recent incident 
involved the alleged sale of 
information about more than 
1,000 U.K. bank accounts to a 
British newspaper. The data 
was obtained by an individual 
in New Delhi from call center 
contacts and sold to a reporter 
from The Sun, according to a 
story that the London-based 
tabloid published on June 23. 
That was the second such 





security breach involving In- 
dia’s call center and business 
process outsourcing industry 
to be reported in recent 
months. In April, 12 people, 
including three former call 
center employees of Mumbai- 
based Mphasis BFL Group, 
were arrested in India for al- 
legedly defrauding four Citi- 
bank account holders in New 
York of more than $300,000 
[QuickLink 53634]. 

“These things are scary,” 
said the vice president of tech- 
nology planning and develop- 
ment at a large investment 
management firm in the U.S. 
The IT manager, who request- 
ed anonymity, said his compa- 
ny has outsourced several ap- 
plication development and 
maintenance projects to a firm 





in India and already has sever- 
al security controls in place. 

For instance, the offshore 
team that is doing the devel- 
opment work has no access to 
production data and instead 
works with test and quality- 
control information. All access 
to nonpublic data, 
such as Social Secu- 
rity numbers and 
account details, is 
monitored, recorded 
and audited. 

The company also 
plans to roll out an 
event notification 
and management 
tool that is designed 
to give U.S. IT 
staffers even greater 
visibility into what’s going on 
at the facilities in India, the IT 
manager said. 

Those measures are being 
reviewed as a result of the al- 
leged security breaches, but 
there’s no immediate plan to 


add more controls, he said. 
“A very public security 
breach like this has naturally 
created some concern. But it 
has not created any backlash 
among customers,” said Marc 
Hebert, executive vice presi- 
dent at Fremont, Calif.-based 
Sierra Atlanta Inc., 
which has an IT ser- 
vices facility in Hy- 
derabad, India. 


¢ Py Much of that may 


=e | 


HEBERT says the 
alleged breach has 
nat led to backlash 

from customers. 


stem from the fact 
that U.S. companies 
have been requiring 
greater security con- 
trols on the part of 
vendors in India for 
some time now, said 
Sumedh Mehta, se- 
nior vice president of financial 
services at Mumbai-based Pat- 
ni Computer Systems Ltd. 
Mehta noted that several of 
Patni’s customers in the finan- 
cial services sector have a 
laundry list of security re- 


quirements that includes bio- 
metric access controls, camera 
surveillance of operations 
staff, two-factor user authenti- 
cation, data encryption, data- 
base monitoring and employee 
background checks. 

“You can’t get past the first 
meeting without showing 
what kind of security mea- 
sures you have,” Mehta said. 
Even so, more incidents could 
have an impact on the level of 
the IT work that is entrusted 
to Indian vendors, he added. 

In an apparent bid to stave 
off such concerns, the Delhi- 
based National Association of 
Software and Service Compa- 
nies issued a statement saying 
that it’s working with the Indi- 
an government to toughen 
data protection laws. Nasscom 
also is creating a centralized 
information repository for 
conducting background 
checks on job applicants 
[QuickLink 53817]. @ 55348 





www.computerworld.com 





NEWS 


Inaction on Offshoring Will 
Hurt U.S. IT, Author Says 


Hira claims that 
job shifts threaten 
ability to innovate 


BY PATRICK THIBODEAU 
USS. political 
and business 
leaders are ina 
state of denial 
over the impact 
of offshore out- 
sourcing, broth- 
ers and co-au- 
thors Ron and 
Anil Hira argue 

in their new book, Outsourcing 

America (Amacom, 2005). Ron 

Hira, an assistant professor of 

public policy at the Rochester 

Institute of Technology in New 

York, said in an interview with 

Computerworld last week that 

some actions need to be taken 

in response to the offshoring 


trend. Excerpts from the inter- 
view follow: 


By offshoring a lot of our IT work, 
is the U.S. losing its ability to in- 
novate? I personally think that 
is true in a number of re- 
spects. You’re creating the 
next generation of entrepre- 
neurs overseas. If you look at 
the IT services firms in partic- 
ular, who are sort of the first 
movers in all of this, they 
don’t do a lot of research and 
development, but that doesn’t 
mean they’re not innovative. 
What they’re doing is incre- 
mental innovation, and a lot of 
the capabilities are built into 
the learning the workers actu- 
ally gain [on projects]. And 

a lot of these companies are 
started by people who have 
worked at other companies. 
You are going to be losing that 





Continued from page 1 
Wachovia 


[cost] savings, and we were 
talking to our peers in the 
industry that had made pro- 
ductive savings through off- 
shoring and could attest to 
the quality of the work,” said 
Davis. 

The Charlotte-based bank, 
which shared its outsourcing 
plans with employees the 
week of June 20, has taken a 
course that maps with those of 
other large banks, such as 
ABN Amro Bank NV. These 
businesses are leveraging la- 
bor arbitrage and creating op- 
erational efficiencies by using 
a “follow the sun” approach to 
IT processing, said Bradway. 

By outsourcing application 
support to global services 
firms with regional capabili- 
ties in, say, the Far East and 
Eastern Europe, Wachovia and 
other banks “can quite easily 
compress the time it takes to 
deliver support requirements,” 
he noted. 

Wachovia successfully out- 








sourced two development 
projects to an Indian firm in 
the late 1990s and made use 
of an Eastern European firm 
to help it integrate its broker- 
age systems with those of Pru- 
dential Securities following 
the companies’ July 2003 
merger, said Davis. 

Davis declined to name spe- 
cific applications throughout 
each of the bank’s divisions 





next generation of potential 
entrepreneurs. 


Are you worried that the U.S. is 
going to lose its ability to stay 
ahead of the global IT market- 
place? I don’t think we can sit 
on our hands. I’m worried by 
the inaction. We’re at a state 
where essentially nothing has 
happened. U.S. companies 
may succeed, but 
they won’t neces- 
sarily succeed 
with U.S. workers, 
and that concerns 
me about our fu- 
ture. I do think we 
need to take some 
responses here. 


What responses can 
be taken? There are 
some no-brainer 
responses. [For ex- 


that have been targeted for 
offshoring. However, she did 
say that Wachovia will not be 
outsourcing support for core 
production systems, nor will it 
be offshoring support for any 
systems that contain sensitive 
customer information. 
Instead, the systems being 
targeted by Wachovia support 
back-office operations, such as 
applications that generate dai- 





ample,] extending trade ad- 
justment assistance to services 
workers. Software workers 
who are displaced by trade — 
and they are clearly being dis- 
placed by trade — are not eli- 
gible for trade adjustment as- 
sistance. It’s extended unem- 
ployment insurance, health 
care benefits and retraining 
money. 


What else should be done? The 
first step is that we acknowl- 
edge that this causes prob- 
lems. There are a lot of people 
out there who say that this 
really isn’t a problem. One of 
the other things 
that we could be 
doing is collecting 
objective data on 
this. The McKin- 
sey Global Insti- 
tute, which bene- 


nies figure out 
how to outsource 
more, just carne 


eomrarnwon da trmes 13 


| out with another study two 

| weeks ago. I don’t think that 
we should be relying on their 
data in order to have a public 

| discussion. 


Will a combination of business 

and technical skills be enough to 
| ensure future employment for 
| U.S. IT workers? The labor 
market here is going to be flat 
or shrink to some extent in re- 
sponse to [offshoring], unless 
there is a real increase in de- 
mand, and I don’t see that. 
I've heard a lot of people talk 
about the need for a mix of 
business and IT capabilities — 
just being a good programmer 
is not enough. If that were 
true, we would expect to see 
MIS programs in business 
schools booming because 
there would be so many com- 
| panies knocking on their doors 
trying to hire their graduates. 
The reality is, enrollments are 
down significantly in those 
MIS programs, too. The labor 
market signals aren’t there yet 
that that’s where you need to 


be. @ 55326 








ly reports or overnight proc- 
essing systems, said Davis. 

“For instance, the CIO team 
that supports the retail bank 
has selected maybe a dozen 
applications for this first 
round of review out of hun- 
dreds,” she said. 

“Wachovia isn’t terribly dif- 
ferent from what a lot of Wall 
Street firms have done, out- 
sourcing less time-critical and 


| customer-sensitive [data pro- 
cessing],” said Robert Iati, an 
analyst at The Tabb Group in 
Westboro, Mass. 

Davis declined to name the 
three vendors Wachovia is ne- 
gotiating with but said one is 
based in the U.S. and one is in 
India. She declined to give the 
location of the third vendor. 
All three offer global process- 
ing support, she said. @ 55338 
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DON TENNANT 


AMD: All My Disgust 


T WAS ONLY a matter of time before Ad- 
vanced Micro Devices filed an antitrust law- 
suit against Intel, alleging that its nemesis for 
years has engaged in anticompetitive practices 
that bullied hardware vendors into shunning 
AMD’s processors. As I’ve mentioned in this space 


before, you don’t have to 
look any further than Dell 
to see what’s been going 
on [QuickLink 54068]. 
Dare to use AMD proces- 
sors, and you'll pay dearly 
by losing those sweet 
pricing deals. 

It’s hard to fathom that 
Intel will fight the allega- 
tions with a wholesale 
denial that it uses strong- 
arm tactics. When a re- 
port released in March by 
the Japan Fair Trade Commission 
concluded that Intel contravened 
Japan’s Antimonopoly Act by com- 
pelling five major PC vendors to 
either be all-Intel all the time or cap 
their use of non-Intel processors at 
10%, it forced Intel to show its hand. 
The company opted not to officially 
challenge the report’s findings. Good 
call. A lot of this stuff is so blatant 
that plausible denial isn’t even an 
option. 

That’s not to say Intel won’t put up 
a fight. It will engage in the kind of 
legal maneuvering that only obscene 
amounts of money can buy, so that 
the case becomes so convoluted that 
it will languish in legal limbo until 
the Gateway cows come home. 
Meanwhile, life will go on, and hard- 
ware vendors will continue to be 
beaten into submission with Intel’s 
pocketbook. 

There’s a lot that’s disgusting about 
all this, but only about a third of my 
disgust is directed at Intel. I’m pretty 
disgusted, though, so that’s still a lot. 
Watching out for the best interests of 
your employees and shareholders is 
certainly commendable, but when 
you do it at the expense of fairness 





and respect for your 
partners and competi- 
tors, you deserve all the 
disdain you get. 
Another third of my 
disgust is directed at the 
wimpy hardware ven- 
dors that allow them- 
selves to be manipulated 
by Intel. In its 48-page 
complaint, AMD alleges 
that in 2001, Gateway 
CEO Ted Waitt told an 
AMD executive that his 
company had been offered “large 
sums” not to do business with AMD. 
“T have to find a way back to prof- 
itability. If by dropping you, I be- 
come profitable, that is what I will 
do,” the complaint claims Waitt said. 
Of course we don’t know if Waitt 
really said that, or anything like it. 
But there’s little question that hard- 
ware vendor executives have quiv- 


| ered and buckled to a degree that’s 
downright embarrassing. If they’d 
had the fortitude to stand up to Intel, 
the users who have been clamoring 
for more choice would have been 
much better served. 

The final third of my disgust is re- 
served for AMD. Its processor tech- 
nology is every bit as good as Intel’s, 
and arguably better. The only way 
Intel can be successful in its alleged 
attempts to bully vendors into shun- 
ning AMD chips is for there to be a 
perception among computer buyers 
that AMD’s products are somehow 
inferior. And AMD has no one to 
blame for that perception but itself. 
You can’t have technology that’s at 
least on par with Intel’s and yet have 
such a pathetically small share of the 
processor market, unless your mar- 
keting and execution have been 
mired in incompetence for years. 

It’s a shame it had to come this. 
Every Intel and AMD dollar that 
goes into a lawyer’s wallet is a dollar 
that could have gone into R&D to 
make better products. Now that’s 
disgusting. @ 55310 
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BRUCE A. STEWART 


Lying Low, 
And Thinking 
Big Picture 


IOs ENGAGED in the 
long march toward the 
technology-enabled 


enterprise — a journey that 
can take more than a decade — try to 
balance their desire for dependency on 
technology against the credibility of 
the IT organization. Paradoxically, 
though, you can be too credible for 
your time, and you just might have to 
lose some credibility to gain your long- 
term objectives. 

Let’s look at a very successful com- 
pany in the wood products business. It 
deals in volume, looking to cut prices 
per unit to win business — especially 
in international markets, where compe- 
tition is fierce — and leverage its abili- 
ty to ship large quantities of product to 
lock in large cus- 
tomers that have 
heavy demands. In 
this company, IT isn’t 
even about being a 
basic service pro- 
vider — the CEO’s 
focus on costs makes 
every decision come 
out as “How low can 
you go?” As a result, 
in the past year the 
CIO has dismantled 
his service desk op- 
eration, locked down 
PCs to minimize the 
need to intervene, 
forced further prod- 
uct duplication out of 
his software mix and 
postponed a much-needed upgrade for 
yet another year. 

Why is this CIO acting like this? 
He’s got his eye on the bigger picture. 
Today, the company can compete in 
this way, and the CIO’s mandate is to 
do the bare minimum. His company 
was involved in a recent merger that 
has forced him into consolidation 
mode, and a merger of two competing 
firms has crippled his company’s di- 
rect competitor, which was innovating 
through technology usage. Basic pari- 
ty with his industry as it currently ex- 
ists is all that’s required, so his archi- 
tectural efforts are on hold. Increas- 
ingly, the CIO’s capabilities in the IT 
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organization are going untested. 

But his long-term picture is quite dif- 
ferent. In a few years, the easy timber- 
lands the company is currently “min- 
ing” will be gone and the company will 
need to be more selective — and a pro- 
gram of mill consolidation and repur- 
posing that’s now being developed will 
have produced its results. The compa- 
ny will start to have more products in 
the mix than trains of stock lumber. 
Further industry consolidation and the 
entry of a new player through acquisi- 
tion will have changed the competitive 
landscape, and the recently changed 
leadership at the top of the firm will 
have had time to bring into focus its 
vision of the future. The time will be 
ripe to push forward, restoring previ- 
ous services and advocating business 
transformation through reinvestment. 

Most of us would look at this CIO 


and shake our heads. Withdrawing ser- | 


vices and hunkering down to do very 
little for a few years isn’t a typical 
résumé-building move. Yet this CIO 
has committed to turning this com- 
modity player into a full-fledged trad- 
ing company that treats each raw tree 
as a unique asset with a potentially dif- 
ferent value path. He can’t sell that idea 
today — after all, a company much like 
his own has swallowed up the competi- 
tor that tried this model. Believing that 
the long-term legacy is more important 
than short-term success, he will wait — 
and match the perception of the IT 
organization’s capabilities to the de- 
mands placed upon it. His credibility 
thus remains high, even as he limits 
IT’s ability to build credibility. 

There are times when the most deci- 
sive action is to do nothing. @ 55238 


THORNTON A. MAY 


In the Minds | 


Of Next-Gen 
IT Leaders 


RECENTLY ATTEMPTED 
to identify the skills that 


next-generation JT leaders | 


think they are going to need 
in order to be successful when their 
turn comes to run IT. 

I compiled information from four 
sources: the IT Leadership Academy, 
which has a database of 1,500 CIOs; 
the Berkeley CIO Institute, whose 
current class consists of 50 of the top 
next-generation IT leaders in the 


country; the 56 soon-to-be 
MBAs at Ohio State Univer- 
sity’s Fisher College of Busi- 
ness; and the 1,200 gradu- 

ates of UCLA's Managing 
| the Information Resource 
| Program. Thirteen arrows 
for the career quiver of the 
| future emerged. Tomor- 
| row’s IT leaders must: 

1. Know minds and how 

to change them. 

2. Be able to grow the next 

generation of IT leaders. 

3. Innovate and create new 

products and services. 

4. Responsibly manage customer 

information. 

5. Manage technology linearities. 

6. Implement cost accounting. 

7. Be globally aware. 

8. Be adept at storytelling. 

9. Enable collaboration across 

the enterprise. 
10. Deliver tools that enable foresight 
and insight. 
11. Understand what’s needed for 
regulatory compliance. 

12. Have a grasp of packaging and 
sourcing work. 

13. Be fully cognizant of information 
security. 

Regulatory compliance, packaging/ 
sourcing work and information securi- 
| ty weren't real surprises. These topics 
| have been covered in articles and con- 


ferences to the point of 


maining 10 skills reveal a 

great deal about the insight 

of the people who will be 

at the helm of technology 

in the next five to 10 years. 
I was initially surprised 


ing IT-enabled products and services. 
Led by academics like Rashi Glazer 
of the Haas School of Business at the 
University of California, Berkeley, 
next-generation IT leaders recognize 


| that the customer — and, more specifi- 
| cally, information about the customer 


to find “Be able to grow the 


next generation of IT lead- 
ers” close to the top of the 
list. But next-generation 
leaders are fed up with 
having to work from igno- 


rance and make do with the | 


| Skills at hand. Having come of age in a 
period when money for professional 
development was very limited, this 
generation has a history of acquiring 
skills on the cheap. Its members take 
their lessons where they find them and 
excel at extracting leadership nuggets 
from their environment. Current lead- 
| ers should be aware that their actions 
are being scrutinized. 

The next generation is unusually 
sensitized to the importance of mental 
models (how people think) and the 
process of changing how people think. 
One of the questions most frequently 
| posed to high-performance CIOs is, 
“How did you convince Executive X to 
| support Action Y?” 

Next-generation IT leaders are total- 
| ly in syne with senior management’s 
| desire to improve the top line by creat- 
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— is acompany’s most important as- 
set. Since the inappropriate manage- 
ment of customer information is in the 


| news nearly every day, they see a need 


| 





for years. Encryption capabilities 


AN 


for significant improvements and in- 


vestments in this area. 


Next-generation leaders are knowl- 
edgeable about the criticality of cor- 
rectly timing technology entrances and 


| exits. The cost microscope they grew 
| up under makes them aware of the 

| need for fiscal transparency, and low- 
| cost broadband has connected them 


to global markets and competitors for 


| their jobs. The next generation is very 


aware of global competition. 

And the truly insightful in the next 
generation are putting down their 
BlackBerry devices, pagers and cell 
phones and spending time fine-tuning 
their ability to tell compelling stories. 

Having spent time with the next- 
generation IT leaders, I think the future 
is going to be bright indeed. @ 55239 
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Electronic Medical Records Need Capital 


HE ARTICLE “Gingrich: Elec- 

tronic Health Records Needed 
in U.S.” [QuickLink 54639] regard- 
ing the push toward electronic 
medical records addresses a theme 
that can enhance the quality of 
medical care. What the article 
didn't address were the obstacles 
blocking universal implementation. 

Cost is one of the foremost ob- 

stacles. At a time of rising malprac- 
tice costs and a stagnant reim- 
bursement schedule, it’s unlikely 
that most medical practices will em- 
brace technology that requires a 
substantial initial investment and 
the ongoing costs of software 
maintenance and staff training. The 
costs of running a medical practice 
make the addition of electronic 
medical records a luxury, and until 
the nonphysician community is will- 
ing to contribute to the cost of es- 
tablishing computerized clinical 
systems, there is little financial mo- 


tivation to adopt a new way of doing 
things. Without the infusion of capi- 
| tal into the medical system directed 
| toward computerization of clinical 
| work, it is unlikely that the rate of 


| adoption of computers will change. 


| Carey M. Delcau, M.D. 
St. Louis, delcau@pol.net 


| Encrypt All Data 


APPLAUD C.J. KELLY in her ef- 
forts to creatively comply with a 
pending law in her state’s legisla- 
| ture to secure personal information 
[Protecting Consumer Data on the 
| Cheap,” QuickLink 54187]. 

But | would argue that what she 
is doing isn’t enough. Besides 
building an IDS, she also needs to 
think about encrypting the underly- 
ing data. Network cryptography 

| devices from companies such as 
Cylink have been used by the feder- 
al government and banking industry 





are also available in many routers to 
protect data leaving the premises 
and also automatically decrypt data 
once it hits the remote office router. 
VPN concentrators also have a 
place in branch connectivity solu- 


| tions. But tapes, CDs, DVDs, disk 


drives and other storage devices 


| will continue to leave the premises, 


either through off-site data rotation 
for disaster recovery, decommis- 
sioned equipment or outright theft. 
Unfortunately, there are few tools 
out there to help encrypt data on 
storage devices and manage all of 
the encryption keys. 
David Edborg 
Director of high availability 
solutions, Corigelan LLC, 
Chicago 


Tips Were on Target 


READ VIRTUALLY every article 
that appears on the subject of 
résumés, and | can assure you, as 


sional, that the advice written by 
| Douglas B. Richardson is some of 
the most accurate | have seen in 

| some time [“When a Lengthy Ré- 

| sumé Makes Sense for Executives,” 
| QuickLink 54597]. His analysis, 

| understanding and conclusions on 
this issue are totally on the mark. 
Grant Cooper, CRW 

Strategic Resumes, 

| New Orleans, yww@gs.net 
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Innovations by InterSystems 


Multidimensional Database Combines 
Robust Objects And Robust SQL. 


Imagine being able to rapidly develop applications 
that run much faster, with massive scalability. 

Now you can, with our multidimensional database 
for transaction processing and real-time analytics. 

Only Caché combines robust objects and robust 
SQL, thus eliminating object-relational mapping. 

It requires little administration, delivers speed and 
scalability on minimal hardware, and comes with a 
rapid application development environment. 

These innovations mean faster time-to-market, 
lower cost of operations, and higher application 
performance. We back these claims with this 
money-back guarantee: Buy Caché for new 
application development, and for up to one year you 
can return your license for a full refund if you are 
unhappy for any reason. * 

Innovative database. Guaranteed performance. 


InterSystems » 


CHE 


Rapid Integration Platform 
Makes Applications Perform In Concert. 


Imagine being able to get your applications to 
perform together as an ensemble. Easily. 

Now you can, with our universal integration 
platform. 

Ensemble is the first fusion of an integration server, 
data server, application server, and portal development 
software — in a single, seamless product. This is the 
complete ensemble of technologies needed for rapid 
integration, fast development, and easy management. 

These innovations mean all of your integration 
projects will be completed on time and on budget, 
with a simplified learning curve for your IT staff. 

We back these claims with this money-back guarantee: 
For up to one year after you purchase Ensemble, if you 
are unhappy for any reason, we'll refund 100% of your 
license fee.* 

Innovative integration. Guaranteed performance. 


InterSystems 


ENSEMBLE 


For a free copy of CACHE, or to request a free ENSEMBLE proof-of-concept project, visit www.InterSystems.com/Free5A 


*Read about our moncy-back guarantees at the web page shown above 
© 2005 ImerSystems Corporation. All rights reserved. InterSystems Cache and InterSystems Ensemble are trademarks of InterSystems Corporation. 6 0§ CombolnnoSCoWo 
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Internet Pioneer Looks Ahead 
Leonard Kleinrock, the man behind | A Florida berry supplier turns to For Open- -Source 

packet switching, predicts the advent of | MessageOne’s Emergency Mail C.J. Kelly is pleasantly surprised 





Neither Rain Nor Sleet | SECURITY MANAGER'S JOURNAL 
Nor. . . Hurricanes Eyeing an Opening 
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ENTERPRISE RIGHTS eT 
SOFTWARE EN: SURES THAT SEN: 
DOCUMENTS AND E-MAIL CA 

TED AND DON’T END 


HANDS ;. BY ROBERT L. MITCHELL <t 
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HEN CORNING INC. began selling products for 
military and aerospace use, the optical-fiber 
and cabling product manufacturer needed a 
way to show that it was following export 
controis and handling sensitive documents 
properly. “The government regulations are 
very explicit,” says James Scott, director of 
knowledge and information management. 
To meet those requirements, the Corning, N.Y.-based company deployed 
enterprise rights management (ERM) software from Liquid Machines Inc. 
Corning’s research and development staff uses the software to encrypt 
critical documents and apply rules that determine not just who has access 
to the files but also whether they can print, copy or forward them to oth- 
ers. The system also establishes a chain of custody, providing an audit trail 
of who accessed a document when and what they did with it. “We can put 
our hands on our hearts and say we know we are compliant,” Scott says. 
Government contractors such as Corning aren’t the only organizations 
thinking about document security these days. Recent high-profile data thefts 
and government regulations covering everything from financial disclosure 
to customer privacy have businesses worrying about where sensitive e-mail 
is going. IT organizations are struggling to control both dissemination of 
and access to corporate data contained in e-mail messages, Word docu- 
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ERM Tip Sheet 


deployment of the technology won't work because 

most systems rely on users to apply policy tem- 
plates. Although tools can be intuitive, users may find 
them inconvenient. 


1 Start with high-value content. Broad 


you need to protect. All vendors sup- 

port Microsoft Office and Outlook and PDF files, 
but support for other client applications differs. Some 
vendors offer a universal agent, while others require ap- 
plication-specific agents to be purchased for each docu- 
ment type to be protected. 


2 Know what types of documents 


document classifications and developing poli- 


3 Classifications are key. Defining 
cies that meet business needs are key steps to 


Here are five things to think about 
before deploying an ERM system. 


success - and the most time-consuming part of setting 
up a successful ERM system. 


systems and the policy classifications created 

should dovetail with records management, elec- 
tronic content management, e-mail and other systems 
such as engineering software. Look for partnerships with 
the vendors of your software. 


4A Think outside the ERM box. ERM 


of widespread encryption. Protect- 
ed files are encrypted. That means knowledge 
management, e-mail archiving, virus scanning, business 
continuity and other systems may be affected unless 
those programs are integrated with the ERM system. 
- Robert L. Mitchell 


5 Understand the implications 
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ments or other electronic document formats. Leaked 
customer data or an untimely release of financial in- 
formation can lead to public embarrassments as well 
as legal fines. 

But Corning, like many other organizations with 
large R&D investments, has another concern: pro- 
tecting documents pertaining to intellectual property 
that it’s develo “Many companies are very lax in 
their understanding and use of [ERM] as a way to 
protect their intellectual property, 


ERM Inside 


Like digital rights management software, ERM prod- 
ucts lock documents by encrypting them. But while 
DRM focuses on the consumer, ERM systems are de- 
signed to support document security policies both 
within and between busine and to provide an au- 
dit trail (see diagram on page 20). 

In an ERM system, a policy server stores encryp- 
tion keys, authorizes user access to documents and 
maintains policy templates that store rules that dic- 
tate what users in different roles can do with differ- 
ent clas ts. Users then apply those 
policies to documents as they create them. Most 
products require users to run agent software or plug- 
ins designed to work with specific applications, such 
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as Microsoft Word or Internet Explorer. Others, such 
as Microsoft Corp.’s Rights Management Services 
(RMS), require that applications be modified to na- 
tively support the ERM system’s application pro- 
gramming interfaces (API). Most also require an 
identity management infrastructure. 

“Tf you don’t have 
more challenging,” says Trent Henry, an analyst at 
Burton Group in Midvale, Utah. 

The ERM market, initially dominated by many 
small vendors, was given a big boost in the past cou- 
ple of years with the entry of Microsoft and Adobe 
Systems Inc. Both RMS and Adobe’s LiveCycle Poli- 


cy Server require applications to be rewritten to sup- | 


port their APIs. As a result, application support is 
very limited. Adobe’s product supports PDFs only, 
although the company says third parties provide 
agents for some other applications. Microsoft’s sys- 
tem supports only Office 2003 documents. It relies 
on third parties to offer centralized policy manage- 
ment features and provide agents to support non- 
compliant applications. 

Other vendors focus on providing an agent software 


overlay rather than relying on third parties to rewrite | 


their applications. Companies such as Authentica 
Inc. in Lexington, Mass., have more-established 


an enterprise directory, it will be | 
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DRM’s Language-Rights Wars 


INTEROPERABILITY OF ERM SYSTEMS 
depends on standards. But much of the technology be- 
hind ERM is based on what's going on in the consumer 
space with digital rights management, and those stan- 
dards are currently the focus of intense debate. 

One area of contention surrounds which markup lan- 
guage to use to enable interoperability between DRM 
systems. The debate pits the Extensible Rights Markup 
Language against the Open Digital Rights Language. A 
variant of the former has become part of a relatively new 
International Standards Organization standard called 
MPEG Rights Expression Language (REL). But the stan- 
dard is derived from intellectual property owned by 
Bethesda, Md.-based ContentGuard Inc., which is 
owned in part by Microsoft. Although the intellectual 
property in the standard must meet the ISO’s require- 
ment that it be made available under reasonable and 
nondiscriminatory licensing terms, it’s not royalty-free. 


“We believe that solutions that use this ISO REL are 
likely to infringe on our patents,” says ContentGuard in- 
terim co-CEO Bruce Gitlin. Furthermore, its patents on 
DRM are sufficiently broad that “it’s likely that any DRM 
solution would infringe on one of our patents.” 

“There's a huge, raucous debate about ContentGuard’s 
role,” says Trent Henry, an analyst at Burton Group. 

“Ido not agree with this at ail,” says Martin Lambert, chief 
technology officer at SealedMedia. Patents in the U.S., he 
laments, are “not well examined by the patent office, but 
are only really examined by the courts during litigation.” 

Standards may have to wait while vendors slug it out in 
the courts. Already, ContentGuard is “in discussions with 
everyone we know that has a DRM product” to pursue its 
claims, Gitlin says. ERM vendors may be next. 
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products but offer relatively limited application sup- 
port. Most support Office, Acrobat, HTML and Out- 
look documents, as well as common image formats, 
such as TIFF. But few support files created for other 
applications, such as computer-aided design systems. 


Legal Challenge 


Application support issues held back Fred Pretorius’ 
Microsoft RMS installation at Mintz, Levin, Cohn, 
Ferris, Glovsky and Pope PC. The Boston-based law 
firm wanted to use ERM to protect documents both 
internally and when routed among its six regional 
offices. “You don’t want someone to just forward 
things out,” says Pretorius, acting director of infor- 
mation services. 

Although the practice uses an all-Microsoft IT infra- 
structure, desktops had to be upgraded to Office 2003 
before RMS could be deployed. And that couldn’t hap- 
pen until compatibility problems with the law firm’s 
enterprise content management system were resolved. 
In the interim, Pretorius could have used third-party 
agent software on desktops to allow office applications 
to work with RMS. He passed on the work-around. 

“It’s the interaction of these add-ins that some- 
times causes problems,” he says. “You're better off 
waiting for Microsoft than dealing with the integra- 
tion nightmares.” 

The system is now in pilot, with a full rollout ex- 
pected this month. It wasn’t difficult to set up, and 
users find the interface easy to use, Pretorius says. But 
he wasn’t able to avoid other integration issues relat- 
ed to antivirus, e-mail archiving and enterprise con- 
tent management systems. Once content is encrypt- 
ed, it can’t be scanned. Without adequate safeguards 
on the desktop, some users could encrypt infected 
files and spread a virus by routing them to others. 

Pretorius’ e-mail archiving software, Veritas Soft- 
ware Corp.’s KVS Enterprise Vault, doesn’t have 
rights to view encrypted files and therefore can’t in- 
dex them for searches. But he says users are willing 
to live with that for now. “It’s an ease-of-use concern 
against security,” Pretorius says. Microsoft product 
manager Piyush Lumba says Veritas is looking into 
building RMS support into its KVS product. Other 
vendors have formed partnerships with key vendors 
such as Veritas and EMC Corp.’s Documentum unit. 

IT should consider the implications of the wide- 
spread application of encryption to documents 
throughout the organization, says Burton Group’s 
Henry. It could affect business continuity plans by 
slowing down the data-recovery process. Other chal- 
lenges include the long-term archiving of content en- 
crypted with proprietary techniques and the ongoing 
management of the keys to access it. 

Currently, RMS lacks the centralized controls Pre- 
torius would prefer. “Users have to remember to pro- 
tect their content,” he says. Pretorius says he’d like to 
layer on more-sophisticated policy services from 
Meridio Inc. or Liquid Machines that he hopes could 
be configured to automatically apply a rights man- 
agement policy based on the user’s role or the type 
of content being created. 

Corning’s Scott would rather not automate that 
process. “We want our users to think about docu- 
ment classification overtly,” he says. The more im- 
mediate problem, he says, is creating document secu- 
rity “roles and rules,” classifications and policies that 
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EE} The document creator receives policies from the 
server, which caches them for off-line use. 

) The author applies the policies to a document. 
The file is encrypted automatically, and rights are 
persistently attached. 

—] The author distributes the file. 

J The recipient opens the file. The software agent 
or Dynamic Link Library within the application calls 
the policy server, which validates the user and allows 
the application to open the file. The application ren- 
ders the file and enforces assigned rights, such as 
the ability to view, print, copy/paste or forward. 


[3 Alog of events is sent back to the server to 


fit business needs. These must also be consistent 
with document classifications used in other areas, 
such as the corporate records information manage- 
ment and content management systems. 

“You have to think ahead of time about what are 
the roles, the groups, and go through the homework 
of creating policies,” says Henry. 

That process can take more than a year, adds Scott, 
but he says it’s essential to avoid “classification by 
exception.” For Corning, that process was especially 
difficult because Scott identified few other compa- 
nies that could serve as a model. While many have 
three or four classifications for paper documents, 
few have addressed electronic documents. “We have 
not found many leading examples,” he says. 


Going Outside 
Extending the protection of documents outside of 
the corporate firewall presents a different 
set of challenges. A user who receives a 
document must receive authorization 
from the issuing policy server before it 
can be opened, so those services must be 
made accessible from the Internet. Recipi- 
ents of protected documents must be au- 
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thenticated when they first open them and may be 
required to do so each time they view the files, or 
users may be issued a “lease” that allows access for a 
specified period. 

When National Occupational Competency Testing 
Institute Inc. (NOCTI) needed to protect Web pages 
used for securing its online testing services, RMS 
alone wasn’t sufficient. “It could not enforce the 
rights through a browser for a machine that was not 
a member of my domain,” says Shawn Davis, IT man- 
ager. He uses GigaMedia Access Corp.’s GigaTrust 
product, which is built on top of RMS. 

With GigaTrust, clients use a plug-in for Internet 
Explorer. GigaTrust hosts Microsoft RMS, which is- 
sues the encryption keys to unlock requested HTML 
test pages once registered users log into the testing 
Web site. Test takers can view and interact with Web 
pages, but they can’t print or cut and paste content. 

Because the client PC had to request a new license 
to retrieve each Web page and then decrypt it, load 
times were as long as eight seconds. “That was a 
killer for us,” Davis says. After GigaMedia modified 
its software to allow local caching of the client-access 
certificate, load times dropped to about two seconds. 
Half of that time is taken up in decrypting the file, 
Davis says. The performance is now acceptable. 

Dealing with document certificate expirations is 
another issue. If the defaults aren’t set correctly for a 
given use case, IT managers could end up taking an 
angry call from the CEO, who could be locked out of 
files on his laptop when traveling. While NOCTI re- 
quires tight controls on lease times, Microsoft’s Lum- 
ba says his company is more liberal, enabling rights 
to encrypted e-mail content for a year. 

With 15% of NOCTI’s customers using online test- 
ing, and demand growing at 30% to 40% a year, docu- 
ment security has been a critical part of obtaining 
new business. “It’s been a big deal for us. The fact 
that we’re using this technology has been a primary 
selling point for our customers,” Davis says. 

ERM technology is still maturing, says Henry. He 
describes current users as early adopters and says 
nascent industry standards aren't yet fully devel- 
oped. For example, there are no established stan- 
dards for agent software, encryption, key manage- 
ment or a common rights markup language. That 
could be a problem for large enterprises if business 
units end up using different products, he says, and it 
makes scalability outside of the enterprise more dif- 
ficult. ERM systems are also expensive and may av- 
erage $100 to $200 per seat and $1 million or more for 
enterprisewide deployments. 

Nonetheless, ERM works well for “tactical” applica- 
tions where security needs are high, Henry says. Pro- 
tection of intellectual property, business-to-business 
e-mail containing sensitive content such as price 
lists, or strategic information shared among execu- 
tives are all good places to start. And he warns that 
some users, particularly executives, may balk at the 
technology if it’s too complicated. 

But that’s not a problem with executives 
at Pretorius’ firm. “The enthusiasm for 
this is very high,” he says. RMS has been 
reliable, Pretorius says, and with Service 
Pack | already out, he thinks there’s no 
reason not to go forward. “I don’t think 
anyone needs to wait,” he says. @ 55119 
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T WAS AUGUST OF LAST YEAR, and 
the Naples, Fla., headquarters of 
Global Berry Farms, a grower and 
shipper of bush berries, was di- 
rectly in the path of a hurricane 
named Charley. 

That concerned MIS manager Brian 
Clancy because he hadn't yet figured 
out a cost-effective way to keep the 
company’s e-mail up and running with- 
out interruption. 

E-mail had become one of Global 
Berry’s most important communication 
tools, and the company’s five regional 
sales offices spread across the U.S. all 
relied on the Florida headquarters for 
their e-mail service, says Clancy. Glob- 
al Berry uses Microsoft Corp.’s Ex- 
change Server 2003 for e-mail, he says. 

The IT staff had spent about a year 
reviewing the available options, and 
during that time, it decided that a clus- 
tered server environment was the only 
one that could provide a redundant, 
highly available e-mail system, he says. 

“We market fresh berries — straw- 
berries, blueberries and raspberries — 
highly perishable products, and our in- 
ventory turns over within 24 hours. We 
pull it in and ship it out as soon as pos- 
sible,” says John O’Connor, director of 
information systems at Global Berry. “In 
our disaster recovery plan, we were fo- 
cusing on e-mail and what could we do 
to keep it up, keep it running.” 

However, the hardware complexities, 
lack of protection against database cor- 
ruption and the problems — not to men- 
tion the cost — of implementing a clus- 
ter across geographic locations soon 
had the company pursuing other op- 
tions, says Clancy. 

After viewing an online demonstra- 
tion of a Linux-based e-mail continuity 
product called Emergency Mail System 
from MessageOne Inc. in Austin, Glob- 
al Berry’s IT staff decided to deploy 
it in the company’s Grand Junction, 
Mich., and Naples locations, he says. 


Reliability at a Low Cost 

The value of a system like Message- 
One’s EMS is that it provides a hot 
standby mail system in case the prima- 
ry system goes down — and it costs 
much less than it would to create a ful- 
ly redundant mail system in a second 
location, says Michael Osterman, an 
analyst at Osterman Research Inc. in 
Black Diamond, Wash. 

An added benefit is that the system 
can be activated over the Web or by 
telephone within a very short time, 
and users can access the EMS service 


Another key advantage of EMS is 
that it continually synchronizes with 
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NEITHER 


A Florida berry shipper finds a way to keep 
e-mail running under disaster conditions. 


By Linda Rosencrance 


users’ message stores so that they have 
access to their calendars, contact lists 
and older e-mails for the duration of 
the emergency, Osterman says. 
MessageOne is focused specifically 
on business continuity for e-mail, com- 
munications and applications. Other 
vendors, including FrontBridge Tech- 
nologies Inc., MessageLabs Ltd. and 
Critical Path Inc., may focus more on 
security, compliance, hosted e-mail 
boxes, patch management and disaster 


recovery, says Mark Levitt, an analyst 
at IDC in Framingham, Mass. 
“MessageOne has a compelling mes- 
sage about getting users back up and 
running quickly — 60 seconds — in 
an emergency,” Levitt says. 
Implementation of EMS was pretty 
painless, Clancy says. The first thing 
Global Berry’s IT staff had to do was 
work with the company’s Internet ser- 
vice provider to create an additional 
mail exchange record for the compa- 
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ny’s domain names, GlobalBerryFarms 
and GBFarms, that would point to the 
EMS system as the backup mail server. 
EMS is hosted at a disaster recovery 
facility in Texas, Clancy says. 

“After that, I installed the software. It 
was a simple wizard that you go through 
— click next, next, next for everything,” 
he says. “That installed the synchroniza- 
tion software that linked up our system 
with the EMS system to synchronize our 
contact records and calendar items.” 

Working with MessageOne, the IT 
staff took only a few hours to install 
the software on the two servers, con- 
figure it and put the system through 
some live tests, Clancy says. The sys- 
tem costs Global Berry $5,500 per year, 
which includes three activations, he 
says. Additional activations are priced 
at $1 per mailbox per month. 

When Clancy installed the EMS soft- 
ware late last year, it didn’t yet have the 
capability to replicate archived e-mail 
or previously sent and received items. 
Clancy says he’s planning to look into 
that feature and will probably add it to 
Global Berry’s package of services soon. 


Showtime 

When the power went out during Hur- 
ricane Charley, Global Berry activated 
MessageOne, says O’Connor. 

“Then when the e-mail tried to get 
routed to Exchange Server and couldn’t, 
the MessageOne systems realized Ex- 
change Server was down and automati- 
cally switched over,” he says. 

Once the system fails over to 
MessageOne, it makes a copy of the in- 
bound e-mails and stores them, explains 
O’Connor. When the power comes back 
on after a brief interruption and Ex- 
change Server comes back up, Message- 
One forwards those e-mails back to Ex- 
change Server. Users don’t even realize 
ithere’s been a problem unless they’ve 
been notified that Outlook was discon- 
nected, O’Connor says. 

But if the power goes out and Ex- 
change Server doesn’t comes back up 
for an extended period, MessageOne is 
activated and broadcasts alerts to users. 
They can then log onto a secure Web 
site set up by MessageOne where they 
can send and receive e-mails, he says. 

“When the Exchange Server went 
down [during Hurricane Charley], we 
knew it was going to be an issue be- 
cause the power could have been out 
for days, so we went ahead and activat- 
ed MessageOne,” O’Connor says. “And 
we were able to continue to operate 
flawlessly. Our communications were 
up and running, and we kept doing 
business, and our customers didn’t re- 
alize that we had a problem.” @ 54904 
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Find the tools and guidance you need for a well-guarded network 


at microsoft.com/security/IT 


Microsoft Windows XP Service Pack 2: Download it for | 
free and get stronger system control and proactive protection 


against security threats. 


Free Tools & Updates: Download free software like Microsoft 
Baseline Security Analyzer to verify that your systems are 
configured to maximize security. Manage software updates 
easily with Windows Server Update Services. 


> Microsoft Risk Assessment Tool: Complete this free, Web-based 
self-assessment to help you evaluate your organization's security 
practices and identify areas for improvement 


internet Security and Acceleration Server 2004: Download 
the free 120-day trial version to evaluate how the advanced 
application-layer firewall, VPN, and Web cache solution can 


improve network security and performance 


Microsoft 
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LEONARD KLEINROCK is 
emeritus professor of 
computer science at 
the University of Cali- 
fornia, Los Angeles. 
He created the basic principles of 
packet switching, the foundation of the 
Internet, while a graduate student at 
MIT, where he earned a Ph.D. in 1963. 
The Los Angeles Times in 1999 called 
him one of the “50 people who most 
influenced business this century.” 

Computerworld’s Gary H. Anthes in- 
terviewed Kleinrock in 1994 as part of 
the Internet’s 25th anniversary celebra- 
tion. Recently, Anthes asked Kleinrock 
for an update. 


FUTURE 
WATCHE 


You told Computerworld 11 years ago that 
the Internet needed, among other things, “a 
proper security framework.” What about 
today? In the past Il years, things have 
gotten far worse, so much so that there 
are parts of the population that are be- 
ginning to question whether the pain 
they are encountering with spam, 
viruses and so on is worth the benefit. 
I don’t think there’s a silver bullet. We 
need systemwide solutions. Strong au- 
thentication will help. IPv6 will help. 
Identifying the source of information 
— a networking issue — to make sure 
it’s not being spoofed will help. 


You called for better multimedia capabil- 
ities in 1994 as well. One of the major 
changes related to multimedia in these 
ll years has been the explosion of what 
we call the “mobile Internet.” There’s 
this ability now to travel from one lo- 
cation to another and gain access to a 
rich set of services as easily as you can 
from your office. The digitization of 
nearly all content and the convergence 
of function and content on really smart 
handheld devices are beginning to en- 
able anytime, anywhere, by anyone In- 
ternet — the mobile Internet. But there 
is a lot more to be done. 


Such as? We have to make it easier for 
people to move from place to place 
and get access. What’s missing is the 
billing and authentication interface 
that allows one to identify oneself easi- 
ly in a global, mobile, roaming fashion. 
We [will] see this change to an alter- 
nate pricing model where people can 
subscribe to a Wi-Fi roaming service 
offered by their company or from their 
home ISP. As these roaming agree- 
ments are forged between the sub- 
scription provider and the owners/ 
operators of today’s disparate public- 
access networks, the effective number 
of locations where a subscriber will be 
able to connect at no or low fee will 
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LOOKS AHEAD 


Leonard Kleinrock predicts ‘really 
smart’ handhelds and haptic interfaces 
but warns of out-of-control complexity. 


with Interface Message Processor 1, the Arpanet'’s first switching node. The 
minicomputer, configured by Bolt, Beranek and Newman, arrived at UCLA on Labor Day weekend 
MEL ORE RECUR M Ae Mrmr MUU maT IML a meee Tel elg 
computer at UCLA. Thus the Arpanet, the forerunner of today’s Internet, was born. 


grow. A key component in this envi- 
ronment is internetwork interoperabil- 
ity, not only for data traffic but for au- 
thentication and billing. The benefits 
will be ease of use and predictable cost. 


You mentioned smart handheld devices. 
Where are they going? We are seeing 
your phone, PDA, GPS, camera, e-mail, 
pager, walkie-talkie, TV, radio, all con- 
verging on this handheld device, which 
you carry around in addition to your 
laptop. It will [alter the properties of] 
a lot of content — video, images, music 


— to match what’s come down to the 
particular device you have. For exam- 
ple, you may be using your handheld 
cell phone to serve as a passthrough 
device to receive an image or video 
that you wish to display on some other 
output device — say, your PC or your 
TV. The handheld may need to “dumb 
down” the image for itself but pass the 
high-quality stream to the TV, which 
will render the stream to match its — 
the TV’s — display capability. 


is that capability of interest to corporate IT? 
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Absolutely. We see e-mail already on 
the handheld, as well as the ability to 
download business documents such 
as spreadsheets and PowerPoint pre- 
sentations. We'll see the ability to 
handle the occasional videoconference 
on a handheld, as well as other media- 
rich communications. We are right 

on the threshold of seeing these 
multifunction devices. Of course, 

the human-computer interface is 
always a problem. 


How might that improve? Voice recogni- 
tion is going to be really important. 
And there will be flexible devices 
where you actually pull out keyboards 
and screens and expand what you are 
carrying with you. Haptic technologies 
— based on touch and force feedback 
— are not yet here, but there’s a lot of 
research going on. For example, with a 
handheld, you could display a virtual 
keyboard on a piece of paper and just 
touch that. 


You have warned that we are “hitting a wall 
of complexity.” What do you mean? We 
once arrogantly thought that any man- 
made system could be completely un- 
derstood, because we created it. But 
we have reached the point where we 
can’t predict how the systems we de- 
sign will perform, and it’s inhibiting 
our ability to do some really interest- 
ing system designs. We are allowing 
distributed control and intelligent 
agents to govern the way these systems 
behave. But that has its own dangers; 
there are cascading failures and depen- 
dencies we don’t understand in these 
automatic protective mechanisms. 


Will we see catastrophic failures of complex 
systems, like the Internet or power grid? 
Yes. The better you design a system, 
the more likely it is to fail catastrophi- 
cally. It’s designed to perform very well 
up to some limit, and if you can’t tell 
how close it is to this limit, the col- 
lapse will occur suddenly and surpris- 
ingly. On the other hand, if a system 
slowly erodes, you can tell when it’s 
weakening; typically, a well-designed 
system doesn’t expose that. 


So, how can complex systems be made more 
safe and reliable? Put the protective con- 
trol functions in one portion of the de- 
sign, one portion of the code, so you 
can see it. People, in an ad hoc fashion, 
add a little control here, a little protocol 
there, and they can’t see the big picture 
of how these things interact. When you 
are willy-nilly patching new controls on 
top of old ones, that’s one way you get 
unpredictable behavior. @ 54835 
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Eyeing an Opening» 


For Open-Source 


| sive 400-plus-page document 


Our security manager is surprised when her 
boss takes an interest in exploring some 
open-source security options. By C.J. Kelly 


DON’T CARE MUCH for | 
Monday morning meetings. | 
Starting a week with a 
meeting always seems like | 
too sharp a transition from the | 
weekend. Eyelids tend to | 
droop, including mine. But on | 
one recent Monday, I snapped | 
to attention when my boss, the 
IT chief for our agency, said 
thathe hadinformed ~ 
the agency’s adminis- 
trator that we would 
be going the open- 
source route ona 
number of fronts to 
increase efficiency, 
productivity and cost savings. 

When I had suggested that 
idea to him six months earlier, 
he had been worried about in- 
tegrating open-source applica- 
tions into a purely Microsoft 
infrastructure. I had suggested 
using open-source software 
for applications that don’t re- 
quire integration but rather 
only compatibility with stan- 
dards such as SNMP, TCP/IP, 
LDAP, Java, HTTP and HTML, 
but I was pretty sure my pro- 
posal had fallen on deaf ears. I 
was wrong. 

My boss had taken note of 
my successful implementation 
of an intrusion-detection sys- 
tem based on open-source 
software (Linux, Snort, PHP, 
Apache and MySQL), but I 
wasn’t aware that he had de- 
veloped a workflow applica- 
tion that uses a MySQL data- 
base. Now that I know he’s 
open to implementing more 
open-source-based security 
devices, we’re on our way to 
finding alternatives to over- 
priced commercial software. 

Of course, we're a long way 
from putting Linux on the 
desktop, and our server farm is 
primarily Microsoft. But Pan- 
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| dora’s box is open, and our ef- 


forts have approval from the 
top. The sky’s the limit. Or I 


| should say, the limit will de- 


pend on how creatively I can 


| convert our current IT services 


to open-source alternatives. 
I'll focus on security first 
and then move toward the ser- 


vices provided by our Win- 


dows 2003 Enter- 
prise Server farm. 
Just for fun, I'll con- 
vert my own desk- 
top to Linux so I can 
manage the infra- 
structure from a 
Linux perspective and test the 
interoperability between my 
system and the Windows envi- 


| ronment. 


Seeking Guidance 


Some might think that my 
embrace of Linux is too gung- 


| ho, but I’ve done my research. 


Several months ago, I was 
searching on the Internet for a 
guide on migrating from Win- 


| dows to Linux. I found an in- 


teresting document from the 
German Federal Ministry of 
the Interior titled “Migration 
Guide: A Guide to Migrating 
the Basic Software Compo- 


|} nents on Server and Worksta- 


tion Computers.” Both Ger- 
man- and English-language 
versions of this comprehen- 


Some might think 
that my embrace 
of Linux is too 
gung-ho, but I’ve 
done my research. 


| and benefits analysis, total cost 


| guide presents recommenda- 
| of economic efficiency. In oth- 


| sis of your infrastructure, you 
| will either adopt a full and 





are available 
It starts off by covering key 
issues such as the following: 
® Definitions of terms such 


| as Open-source, proprietary 


and commercial, and the dis- 
tinction between replacing vs. 
continuing types of migrations. 
® Migration paths (Win- 
dows as the starting point, and 


| internal dependencies within 
| the Microsoft landscape). 


® Linux distributions (in- 


| cluding Debian, SUSE and 


Red Hat). 

® License models (GPL and 
BSD). 

The next section provides 
in-depth technical descrip- 
tions of the migration paths, 


with the discussion covering 


file systems, print services, au- 
thentication services, network 


| services, system audit and 

| management services, directo- 
| ry services, middleware (.Net, 

| COM, J2EE), Web services, 

| SharePoint Portal Server, data- 
| bases, groupware, Office/desk- 
| top migration, terminal servers 
| and thin clients, and high avail- 
| ability. It sure sounds like the 


authors covered all the bases. 


Then there’s an exhaustive 


| evaluation of economic effi- 

| ciency. This may not appeal to 
techies, but it’s the meat of sell- | 
| and Check Point firewalls, so 


ing a conversion program to 
senior management. The guide 
walks you through monetary 


of ownership, comparability 
and the full-cost approach. 
And there’s more! The 


tions based on the evaluation 


er words, based on your analy- 


complete migration to Linux, 
a continuing migration or a 
partial migration. 

My experience as a security 
manager also influences my 





attitude toward open-source. I 


have spent close to 20 years 

| working in the trenches in IT 
| security, where you'd often 

| hea the joke, “If it weren’t for 
| Microsoft, we'd all be out of a 
| job.” That’s because Micro 
soft’s closed operating system 
(and, just to be fair, we can ac- 
cuse Apple's first-generation 


| products of the same sin) has 


been fraught with technical 
flaws and security holes. 

I'm not attacking Microsoft. 
It’s one of the most successful 
companies in the world, and 
Bill Gates is one of the world’s 
most generous philanthro- 
pists. I'd even go so far as to 

say that Gates and Microsoft 
brought computing out of the 
scientific communities and 
into the hands of regular peo- 
ple. You have to give credit 
where it’s due. Microsoft 
changed our world. However, 
the world is changing again, 
and this time proprietary tech- 
nology is seen as the problem, 
not the solution. 

My agency doesn’t have the 
kind of budget that allows for 
blowing big bucks on Micro- 
soft products, just as I can’t 


| blow big bucks at Saks Fifth 


Avenue. Most of us get along 
pretty well shopping at Wal- 
Mart, and my agency will get 
along pretty well doing the 


| open-source equivalent. We'll 


spend some money on hard- 
ware, then use open-source to 


| manage the infrastructure and 
| : ‘ a ss : 

| provide services for a fraction 
| of the price of buying Micro- 


soft’s software. 

Our next Linux-based secu- 
rity project is a firewall. I have 
experience with Cisco PIX 


this will be an interesting proj- 


| ect to plan and implement. I 
| can compare the ease of ad- 


ministration and functionality 
as well as test my strategy, one 


| device at a time, to convert 


our infrastructure to open- 
source. Wish me luck. D 


| WHAT DO YOU THINK? — 


| This week's journal is written by a real 
| security manager, “C.J. Kelly,” whose 
| name and employer have been disguised 


for obvious reasons. Contact her at 
mscjkelly@yahoo.com, or join the dis- 
cussion in our forum: QuickLink a1590 


To find a complete archive of our 
Security Manager's Journals, go online to 


Qcomputerworid.com/secjournal 
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Veritas Security 
Flaws Exploited 
Attackers have exploited secu- 
rity flaws in Veritas Software 
Corp.'s remote backup agent to 
take control of computers run- 
ning the software, according to 
the U.S. Computer Emergency 
Readiness Team. The organi- 
zation urged users of Veritas 
Backup Exec Remote Agent for 
Windows Servers to apply a 
security patch issued by Veri- 
tas. The software is used to re- 
motely trigger backup of data 
on servers. Veritas notified 
customers of the danger on 
June 22 and immediately is- 
sued a patch for affected ver- 
sions of the software. 


Microsoft Takes on 
Online Crime 
Microsoft Corp. is providing 
Japan's National Police 
Agency with early warnings 
about security threats to help 
the NPA battle online crime, 
said Bill Gates, the company’s 
chairman and chief software 
architect. Under an agree- 
ment signed in April, Micro- 
soft has been sharing infor- 
mation about security vulner- 
abilities in its products with 
the NPA’s High-Tech Crime 
Technology Division, provid- 
ing a hotline to exchange in- 
formation on cyberattacks 
and conducting training to 
heip the division combat on- 
line crime, Gates said. 


Start-up Debuts 
Security Device 

A start-up founded by three 
former Cisco Systems Inc. 
employees announced its first 
product, a multifunction secu- 
rity device. NetDevices Inc.'s 
$6-8 consists of hardware de- 
signed to minimize network 
performance problems and 
software applications that run 
independently, so if one fails, 
the rest keep going. The price 
is $15,000 for a base model 
that includes a four-port T1 
or Ethernet WAN card and an 
eight-port Ethernet LAN card, 
as well as firewall, VPN, QoS, 
routing and intrusion detec- 
tion/prevention capabilities. 
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Orchestria Tool Aids 


Policy Management | 
@ Orchestria Corp., a New York- 
based provider of active policy 
management software, has 
launched Orchestria 4.0. The sys- 
tem, which manages policy com- 
pliance for e-mail, instant mes- 
saging and other communication 
channels, includes a Web console 


feature that’s designed to provide | 


simplified surveillance capabilities. 
Pricing starts at $120 per seat. 


PwC Content Used 
In Security App 


® Brabeion Inc. will include Price- 
waterhouseCoopers’ information 
security content in its Enterprise 
Security Architecture System. 
Originally developed by PwC, 
ESAS is a Web-based tool that 
helps users ensure that they com- 
ply with IT security guidelines. 
McLean, Va.-based Brabeion pur- 
chased ESAS from PwC in April. 
Pricing will start at $75,000. 


Indicative 7.0 Ships 


® Indicative Software has re- 
leased a new version of its IT ser- 
vice management software. In- 
dicative 7.0 includes new fea- 


tures that allow users to follow the | 


path of business transactions via 
components such as JavaBeans 
and servlets, according to Fort 
Collins, Colo.-based Indicative. 
The Java-based software also in- 
cludes autodiscovery and agent- 
less monitoring of Citrix Meta- 
Frame and IBM AIX systems. Pric- 
ing is $65 per measurement; bun- 
died pricing starts at $100,000. 


Mandriva Upgrades 
Security System 

® Linux vendor Mandriva SA has 

released the second version of its 
Multi Network Firewall (MNF2) 
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Cracking Down on 
Intellectual Property Crime 


N FEBRUARY OF THIS YEAR, 24-year-old JuJu 
Jiang of Flushing, N-Y., was sentenced to 27 


months’ imprisonment followed by three years of 


supervised release and ordered to pay $201,620 
in restitution after being convicted of charges 


related to computer fraud. 


On March 4, Rolyn 

Abugan, 24, of Corona, 

Calif., was charged with 

criminal copyright in- 

fringement for uploading 

onto the Internet a copy of 

the movie Finding Never- 

land that had been sent to a 
“screener” for the Produc- 

ers Guild of America. Just 

four days after that, Seth 

Kleinberg, 26, of Pasadena, 

Calif., Jeffrey Lerman, 20, 

of College Park, Md., and 

Albert Bryndzda, 32, also of 
Flushing, pleaded guilty to & 
felony charges of conspiracy to com- 
mit criminal copyright infringement in 
U.S. District Court in New Haven. 
Theirs were the first U.S. cases to be 
brought as a result of an 18-month, 
multinational software piracy investi- 
gation known as “Operation Higher 
Education.” 

In recent years, we’ve witnessed a 
dramatic increase in cases of digital 
piracy and counterfeiting. The legal 
system is responding with aggressive 
prosecution and tough sentences. 

While the latest technologies are a 
boon for upstanding organizations 
large and small, they serve less- 
respectable individuals and organiza- 
tions as well. The worldwide trade of 
pirated and counterfeit goods affects 
all major markets, with the U.S. in the 
forefront. That’s not surprising, since 
the U.S. leads the world in the devel- 
opment of intellectual property and 
the manufacture of IP-related prod- 
ucts. (It was recently reported by 
the International AntiCounterfeiting 


Coalition that U.S. indus- 
tries that rely on copyright 
protection and derivative 
businesses account for 
more than $433 billion, 

or 5.68%, of the U.S. gross 
national product — more 
than any other single man- 
ufacturing sector.) 

Illicit trade threatens the 
competitiveness of both 
established companies and 
up-and-coming businesses 
— and the livelihoods of 
all of their employees. 
Available for purchase 


| from ae street vendors to large- 


scale mail-order organizations are all 
sorts of counterfeit goods, with DVDs, 
CDs, electronics and software at least 
| as popular as the more traditional 
watches, auto parts, perfume and 
clothing. It is estimated that these 
goods account for up to 7% of the 
world market and cost legitimate busi- 
ness several billion dollars annually. 
It’s obvious that legitimate rights 
holders lose money in the form of re- 
duced sales and profits when their 
goods are counterfeited; what’s not as 
obvious is that there are other conse- 
quences as well. For one thing, manu- 
facturers of bogus merchandise don’t 
observe manufacturing standards and 
regulations. As a result, bogus goods 
are of inferior quality. This fact cer- 
tainly isn’t lost on the consumers; they 
probably just ignore the shortcomings 
in the interest of saving money, but lat- 
er they may be disappointed to realize 
that there’s no support or recourse 
available to them after the purchase. 








Moreover, the counterfeiters don’t 
comply with regulations pertaining to 
the safety and health of their workers. 
And they don’t pay duties or taxes, so 
the nations where the goods are trad- 
ed lose out on potential tax revenues. 

Intellectual property crime general- 
ly falls into one of three categories: 
copyright violations, theft of trade se- 
crets and trademark infringement. The 
fundamental goal of each crime is for 
the perpetrator to realize a profit — at 
the expense of the real McCoy. Copy- 
right violation most often refers to the 
counterfeiting and piracy of software, 
movies and recorded music. Theft of 
trade secrets means the perpetrator 
has stolen proprietary information 
from any industry; it could be a manu- 
facturing business, a financial services 
firm or a technology company. Trade- 
mark infringement involves the coun- 
terfeiting and vending of brand-name 
items — handbags, clothing, watches 
and the like. 

With so much at stake, organizations 
and governments are stepping up ef- 
forts to stem the looting by counter- 
feiters. They’re having some success 
with the new technologies that aid in 
the identification of counterfeit prod- 
ucts. While useful, these technologies 
do have limitations: No single anti- 
counterfeiting system will solve the 
problem for all victimized businesses. 
Each organization must determine its 
specific market’s weaknesses and take 
at least some responsibility to protect 
its interests. 

When it comes to counterfeiting, 
everyone is an interested party, from 
the legitimate manufacturer to the 
retailer, the distributor and the indi- 
vidual consumer. When all parties act 
together, a united stance will prove to 
be the best defense against these of- 
fenses. @ 55280 
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Think Tank a aa Watch OPINION 
Tee _ Forrester Research says most cor- | The CIO of the Department of Veter- Useless People 
CB lean porate Web home pages are ans Affairs discovers a program to hire How do you deal with 
REVOLUT ION | abysmal; and a new book says it’s | disabled veterans; the current value of | useless employees? 
| time to move beyond “business an MBA trumps that of experience; and | , Columnist Paul Glen 
salignment” into “business-technol- | read about the best vacation you never | : says the first step is to 


ogy convergence.” Page 30 took. Page 33 define “useless.” Page 34 


Like it or not, old code is still around, and 
it needs special care. By Gary H. Anthes 


“Legacy is a word I despise,” says 
WIZ: WHAT IS “LEGACY” a Cruz, an IT manager at Co- 
SOFTWARE? i in New York. “Peo- 
oh Gatatsbscddccnscavaceveteceveece ple say ‘legacy’ and it’s like, ‘Oh my 
Cobol/mainframe code god, how could you possibly use that 
old garbage?’ But what it really means 
is that it was written by smart people a 
long time ago and it really works, in- 
stead of being the latest bug-ridden, 
bloated piece of garbage from some 
company that has only teenagers work- 
ing for it.” 
Secure, reliable and effective However you define legacy software, 
stuff that just keeps running, IT people say they know it when they 
year after year see it, and they know it didn’t all go 
away during Y2k remediation. It’s 
Interviews with a number of IT the stuff with poor documentation, 
managers turned up all of those defini- | spaghetti code stirred by too many 
tions, and more. | cooks, and processing cycles more 


“Legacy” refers to code written “by smart people a Te time ago [that] really works, instead of 
being the latest bug-ridden, bloated piece of garbage,” says Columbia University’s FRANK da CRUZ 


MANUELLO PAGANELL! 





28 COMPUTERWORLD July 4, 2005 


appropriate for 1970s ways of doing 
business. And it’s definitely not the 
stuff you tell college recruits about 
when they come looking for Java, Web 
services and grid computing. 

Yet, like da Cruz, a number of IT 
folks swear by it, not at it, saying they 
wouldn’t dream of switching that 
trusty old accounting system they 
custom-coded in the 1980s for some 
newfangled commercial package with 
a seven- or eight-figure price tag. 

But even the most enthusiastic of 
the legacy loyalists acknowledge that 
old software often presents special 
challenges. They employ a number of 
tricks — both managerial and technical 
— to keep the bits flowing in those old 


pipes. 


Not Older; Better 


For Paul Grant, director of retail sys- 
tems application development at Tow- 
er Records in West Sacramento, Calif., 
“ ‘Legacy’ is when the technology can 
no longer fit the business needs.” By 
that definition, Tower’s retail point- 
of-sale software, some 1 million lines 
of Cobol code dating to the mid-1980s, 
isn’t legacy software. 

Although Tower is modernizing it 
in various ways — by adding Web ser- 
vices interfaces to other systems, for 
example — the underlying Cobol ap- 
plication is likely to serve the company 
for years to come, Grant says. “A lot of 
people get caught up in the wow and 
sexy stuff, but I’ve been a proponent 
of keeping what we have rather than 
starting all over, because I don’t see 
the benefit,” he says. 

But it would be a mistake to think 
that Tower Records got its million 
lines of Cobol to its current useful and 
reliable state without a great deal of ef- 
fort. Tower bought the software in the 
early 1990s from a small vendor that 
supplied point-of-sale systems to 
mom-and-pop video-rental stores. 
“The source code was terrible,” Grant 
recalls, “and we had no document- 
ation.” 

Tower wrote its own user manuals, 
which it eventually gave the vendor as 
partial payment for the source code. 
As for the software, “it was spaghetti 
code, with a few meatballs thrown in,’ 
Grant says. “Every time we asked for 
a change, we’d get other retailers’ 
changes along with it. So the code 
got very bloated very quickly.” 

Tower gradually rewrote much of 
the code, making functional enhance- 
ments and breaking it into more man- 
ageable modules. For example, one 
750,000-line program was broken into 
four programs, and the custom code 


” 
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Words 


Forgot 


Frank da Cruz, an IT manager at 
Columbia University, says it's not 
fashionable to admit to running old 
systems. “People say they have to have 
the latest version of Windows and the 
latest three-letter acronym or buzzword 
or their stock will go down,” he says. 
“But the people in the back office are 
running something that's really battle- 
proven and tested and secure, like VMS, 
for example.” 

Da Cruz is the author of an online 
history of computing. Among the gems 
to be found in it is his “Giossary of 
Forgotten Terms.” Here’s a sampling 
from the good old days: 


eee Seem eeeeasecenserenssesese 


PPO O HERO E HEHE EEE SHER ESE EEE EEEe 


For definitions of those terms 
and much more information about 
those mad mainframes, check out 
da Cruz's Web site: 
www.columbia.edu/acis/history 
~ Gary H. Anthes 


written for other retailers was thrown 
away. It took three to four years of 
“blood, sweat and tears” to do that, 
Grant says. “Anytime we opened the 
code to make changes, we’d do as 
much maintenance as possible.” 

But, Grant notes, “we ran into situa- 
tions where we just couldn’t untangle 
the mess, so we left it. We didn’t want 
to break it.” 

More recently, Tower has been able 
to avoid much of the previous angst by 
using the AcuBench Cobol develop- 
ment tool from Acucorp Inc. in San 
Diego. It replaces, among other things, 
a Unix-based VI Editor that Grant de- 
scribes as “terse and slow” as well as 
manually written editing and searching 
scripts. AcuBench greatly speeds 





maintenance and debugging work, 
and it helped Tower “untangle the 


| spaghetti code,” he says. 


Business Trumps Tech 

The Ship Systems unit of Northrop 
Grumman Corp. in Pascagoula, Miss., 
has about 7 million lines of mainframe- 
based Cobol and Fortran code. Dating 
from the late 1970s and early 1980s, it 
supports finance, human resources, 
payroll, materials management and 
some engineering applications. 

Jan G. Rideout, a vice president and 
CIO, says there isn’t much of a techni- 
cal case to be made for replacing the 
old code with something more mod- 
ern. “Maintaining those systems is 
pretty easy for us,” she says. “The 
mainframe environment is very secure, 
configuration management is excel- 
lent, and we have excellent tools.” 

But can she find people to maintain 
those dusty old systems? “We have a 
very low attrition rate,” she says. “We 
do hire programmers out of college, 
and we do teach them Cobol.” 

Nevertheless, for business reasons, 
Ship Systems decided two years ago to 
scrap most of the legacy code in favor 
of packaged software from SAP AG. 

The legacy software is no longer 
flexible enough to meet the needs of 
the business units, Rideout says. “It 
limits the types of really large process 
improvements they could make,” she 
says. “While they can make incremen- 
tal, small changes, this basically dic- 
tates the way they run their business.” 

For example, Rideout says, using 
wireless I/O devices at the 
company’s shipyards would 
be very attractive, but it 
would require building a 
whole new set of applica- 
tions on top of the legacy 
systems. 

Still, Rideout cautions 
managers not to expect big 
maintenance cost savings after SAP has 
gone live. “That’s overhyped by the 
suppliers who want to encourage you 
to replace your mainframe systems,” 
she says. 

But during the long SAP phase-in, 
Rideout says, she’ll continue to pay 
close attention to the personnel issues 
presented by a 250-person IT organiza- 
tion going through a major transition. 
Knowledge of older systems in the 
heads of older workers must be shared 
with younger workers, who in turn 
must be given a chance to work on 
more modern technologies, she says. 

“Once people get over the it’s-my- 
father’s-Cobol thing, the young kids 
can be a little open-minded and get 
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The main- 
frame envi- 
ronment is 
very secure, 
configura- 
tion man- 
agement 
is excellent, and we 
have excellent tools. 


JAN G. RIDEOUT, VICE PRESIDENT AND CIO, 
NORTHROP GRUMMAN CORP. 


into these older systems and see that 
there are some interesting aspects to 
them,” Rideout says. 

Bill DeRosa, vice president of IT 
management at DaimlerChrysler Ser- 
vices Americas in Farmington Hills, 
Mich., says he has three major systems 
that are more than 15 years old, includ- 
ing a wholesale system that tracks ve- 
hicle inventories on dealer lots. “We 
have looked at them from time to time 
and haven’t come up with a real good 
reason to replace them,” he says. 

In fact, those mainframe Cobol sys- 
tems provide a model for modern dis- 
tributed systems when it comes to se- 
curity, maintainability and change man- 
agement, he says. “We are reinventing 
the wheel in the client/server world in 
terms of putting the disciplines in place 
that we already know how to do on the 
mainframe, ” DeRosa says. 

But he acknowledges that 
maintaining old Cobol sys- 
tems isn’t what his devel- 
opers want to do. “So we 
see this as a great opportu- 
nity to go offshore,” says 
DeRosa. “The main driver 
for the legacy systems is 
people, and India gives us a way to 
prolong the life of these systems.” 

Indeed, another automaker has also 
found that the way to deal with legacy 
headaches is to outsource them to 
someone else. General Motors Corp. 
has turned over most of its late 1970s 
and early 1980s code to Electronic Data 
Systems Corp. Still, GM holds an annu- 


| al review of those systems to deter- 
| mine whether any of them ought to 


be modernized or replaced. 

And, says Fred Killeen, acting chief 
technology officer, GM enthusiastical- 
ly entertains suggestions from EDS as 
to how the systems might be improved. 
“It’s the kind of thing we want suppli- 
ers to bring to us,” he says. @ 55070 
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SUDDENLY YOU CAN APPRECIATE 
MICROMANAGERS. 


Finally a micromanager you want around: the powerful and reliable HP Proliant ML310 G2 server. Loaded with 
HP-developed manageability features and powered by the Intel” Pentium” 4 Processor, the ML310 is designed to minimize 
maintenance and maximize productivity. Just pop in the SmartStart CD to walk you through installation and get your 
system up and running. HP Systems Insight Manager will monitor your system and alert you to potential problems 
before they arise. Then leave it be—the optional remote management? tools let you keep track of your server no 
matter where you are. And, for a fast, easy backup solution, bundle it with the all-new HP StorageWorks DAT 40 USB 


internal tape drive. Just another reliable solution from the HP Smart Office Portfolio. 


SMART ADVICE > SMART TECHNOLOGY > SMART SUPPORT 


Prices shown are HP Direct prices; reseller and retail prices may vary. Prices shown are subject to change and do not include applicable state and local taxes or shipping to recipient's address. Offers cannot be combined with any other offer or discount, are good while supplies last and are available from HP Direct 
and participating HP resellers. All featured offers available in U.S. only. Savings based on HP pubiished list price of configure-to-order equivalent ($1,427 - $358 instant savings = $1,069). Certain warranty restrictions and exclusions may apply. For complete warranty details, call 1-800-345-1518 (U.S.). 1. For hard 
drives, GB=billion bytes. 2. Optional Remote insight Lights-Out Edition ll (RILOE I). Intel, Intel inside, the intel inside Logo and inte! Pentium are trademarks or registered trademarks of inte! Corporation or its subsidiaries in the United States and other countries. ©2005 Hewlett-Packard Development Company, LP. 
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Thinklank 


BRAIN FOOD FOR IT EXECUTIVES 


SOURCE: ALINEAN INC., ORLANDO, JUNE 2005 


Global Home Pages 
. ' 3 

Receive ‘Abysmal 
Report Cards 
A GLOBAL CORPORATION’s Web home 
page is an entry point for every conceiv- 
able visitor, from investors and business 
partners to customers, and research 
shows that you have only eight seconds 
in which to make a good first impression. 
But most corporate home pages are 
“abysmal,” says a report by Forrester 
Research Inc. analyst Ron Rogowski. 

Rogowski audited the home pages of 
the 100 biggest global companies and 
found a sea of wasted space, navigation 
problems, cryptic categories and “blocks 
of inane marketing messages. 

The key is to conduct usability research 
and analyze clickstream data to figure out 
what visitors really want to do when they 
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: 
Shell Directory 
Visit our country and 
business websites around 


= Shell for Businesses 

= Sheil offers oils, fuels, 
financial services, dynamic 
business solutions and 
more to businesses of ail 
sizes 


reach the home page. Success is mea- 

: sured not by how much time the visitor 

: lingers, but by how fast the home page 

= routes him to the right regional site or 

: product page, Rogowski says. 

The study found some pockets of en- 

: lightenment, at BP PLC in London, Royal 
Dutch/Shell Group of Companies in the 

: Hague and Credit Suisse Group in Zurich. 
These companies track the user path off 


Best Bits 


The most useful parts of recent business 
ont 7 connnguenent books 


THE BOOK: The 2nd Digital Revolution, by 
Stephen J. Andriole (CyberTech Publishing, 2005). 
Apparently, in the first digital rev- 
olution, IT was used for tactical 
operations, whereas in the sec- 
ond revolution, IT is at a strategic 
level. I'm not so wild about the ti- 
tle, but the book itself has a good 
deal of candor about the role IT 
needs to play in corporate Ameri- 
ca. For example, Andriole says it's 
time to move beyond talking about 
“business alignment,” which is a 
sequential approach, and take a 
more holistic approach that recog- 
nizes that business and technology are 

so intertwined, it's hard to tell where one ends and 
the other begins. Andriole - a professor at Villano- 
va University and a Cutter Consortium consultant - 
Calls it “business-technology convergence.” CRM 
is a great example: It's both a business model and a 
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Sheli.com 
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Shell for Motorists 

More than 20 milion 

customers a day visit Shell 
stations for ae 


About Shell 
Investor Centre 
Media Centre 
Environment and 
Society 


Shell for the Home 
Shell offers a range of 
products and services for 
the home - from natural gas 
and electricity to fuels and 
lubricants. 
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: the home page to identify the most-visited 
: areas. This guides decisions about which 
: content and links should be included on 

: the home page. 


Royal Dutch/Shell takes it a step further 


> and adjusts the page based on the day 

: of the week: On weekdays, it features 

= content aimed at investors; on weekends, 
: it switches to content for consumers. 


- Mitch Betts 


technology. Or, as one prescient ClO used to say, 
“There are no technology decisions - only busi- 
ness decisions.” 

The book covers a lot of other ground, from IT 
governance to staffing. But it's the no-nonsense 
statements that | like best. On the subject of IT 
standardization, for example, Andriole says varia- 

tion is your enemy and “nonstandard- 

ization is just plain stupid.” 

As for return on investment and 
total cost of ownership metrics, he 
says that they're great, but “you can- 
not build a business with these ham- 
mers.” Andriole adds that “obsessive- 
compulsive TCO/RO! behavior is as 

" unhealthy as any obsessive-compul- 

e behavior.” 

And to answer Nicholas G. Carr's 
question as to whether IT matters, the 
author replies: “Try telling a CEO that 

a botched $100 million ERP system 
doesn't matter.” @ 55116 


ITION 


- Mitch Betts 


WANT MORE BRIGHT IDEAS? 
www.computerworld.com/blogs/betts 
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Congratulations Award 


Recipients! 


Mobile & Wireless World (M&WW), in conjunction with Computerworld, 
proudly presented the third M&WW “Best Practices in Mobile & Wireless” 
Awards Program. This program honored seven IT user “best practice” 
case studies selected from a field of qualified finalists. 


A COMPUTERWORLD 
‘))) MOBILE & WIRELESS WORLD 


Best Practices 
IN MOBILE & WIRELESS 


AWARDS PROGRAM 


Winners were recognized at the Mobile & Wireless World SPONSORED BY 


=... 


Awards Ceremony - Wednesday, June 15th in Scottsdale, Arizona 





Deploying Wireless 
Mobility in 
the Enterprise 


Recipients 
¢ Cox Communications, Atlanta, Georgia 
¢pH Europe Ltd, Huddersfield, United Kingdom 


Honorable Mention: Staples, Incorporated, Framingham, Massachusetts 





Transforming the 
“Brick and Mortar” 
Enterprise 


Business Evolution 
through Mobilizing 
Field Workers 





Recipients 
¢ Landstar System Incorporated, Jacksonville, Florida 


¢ Zipcar, Cambridge, Massachusetts 
Honorable Mention: Blue Cross Blue Shield of Massachusetts, Boston, Massachusetts 





Recipients 
* Maytag Corporation, Newton, lowa 
¢ Saia Motor Freight, Duluth, Georgia 


Honorable Mention: The ServiceMaster Company, Downers Grove, Illinois 








Managing Cellular 
Mobile Data 


Recipient 
¢ The PMI Group, Incorporated, Walnut Creek, California 





A) MOBILE & WIRELESS WORLD 


Judging Criteria 


For information on Mobile & Wireless World 
visit WwwW.mwwusa.com 


Thank you to our “Best Practices in Mobile & Wireless” 
Judges for 2005: 


* Steve Delahunty, Vice Chair, 
Network Professional Association 


+ Jay AT. Stallard, Senior Manager, 
Pfizer Global Pharmaceuticals 


* Bruce Hoard, Technology Journalist 
and Network World founding editor 

* Julia King, Executive Editor of Events 
and National Correspondent, 
Computerworld 


* Ed Meskill, Publisher, Mobile 
Enterprise Media 

* Ralph Nichols, Service Program 
Manager, Pitney Bowes, inc. 


+ John C. Wade, Vice President and 


* John Stehman, Director of Research 


Operations and Principal Business 
Analyst, Robert Frances Group 


* Daniel Taylor, Managing Director, 


Mobile Enterprise Alliance, inc a - | 
Chief information Officer, Saint ae Cc | n g U a r 
Luke's Health System 


* Carl Zetie, Vice President, 


Forrester Research 


“Planned for August 1, 2005 issue 
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Employees’ development plans should mostly consist of work activities, says 


EMPLOYEE 


DEVELOPMENT 
ONA SHOESTRING 


Boosting skills needn t take much extra 
time or money, but it does require 
thought aid effort. BY DAVID PUTRICH 





in 67 defined competencies. At the 
bottom of the list was “developing 
| direct reports.” 
Another workforce development 
firm, Development Dimensions Inter- 
' national Inc. in Pittsburgh, reports that 


OUR ORGANIZATION is only as 
effective as the people who 
work there. And the best way 


to develop an effective and 
people challenged. So why is 
employee development “developing others” is 
companies? HT MENTOR leadership competencies. 
A study by Lominger Experts estimate that 
consultancy in Minneapolis, looked at ten skills-development plan and is exe- 
how well managers at many levels and cuting it. But are these employees 


motivated workforce is to keep 
often overlooked at U.S. rated the lowest of 22 
Limited Inc., a leadership development | about one in three workers has a writ- 
across multiple industries performed _| getting better? At which skills? How 
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good do they have to be? And at what? 
And what about the other two-thirds of 
workers? Are they getting better at 
anything that matters? 

Consider your own organization. 
How much more successful could your 
IT department and company be if your 
development efforts were truly focused? 
Are managers rated on how well they 
help direct reports develop skills? 

Even when employees are given 
training opportunities, it’s not always 
clear that the training results in the ex- 


i) pected outcome. According to psychol- 


ogist Daniel Goleman, who wrote 
Working With Emotional Intelligence 
(Bantam, 1998), “Estimates of the ex- 
tent to which skills taught in company 
training programs carry over into day- 
to-day practice on the job are as low — 
and gloomy — as a mere 10%.” 

To managers, that news is disheart- 
ening. But there is hope. Many organi- 
zations give high priority to develop- 
ing employees, and — training budget 
or no training budget — anyone can do 
it. So before you say, “I can’t do any 
skills development because the train- 
ing budget was reduced to zero,” con- 
sider this statistic from Lominger: 70% 
of what we learn as adults comes from 
our work experiences, 20% from a 
coach, and 10% from classes, work- 
shops, books and articles. 

Given that finding, the bulk of any 
individual’s development plan should 
consist of work activities. And there 
are some specific and tangible things 
a manager can do to help employees 
develop their skills: 

@ First, let your boss know what 
you're doing; you might want to estab- 
lish a performance goal for yourself of 
developing your people. If the manage- 
ment team hasn’t done much in terms 
of workforce planning, you may need 
to discuss future directions. 

@ Set aside time with each employee 
to discuss his career goals, particularly 
his understanding of potential roles in 
the organization. Suggest that the em- 
ployee find a mentor to counsel him 
on long-term goals. 

® Discuss the employee’s short- and 
long-term development needs toward 
those goals. 

@ Help the employee understand 
which skills — technical, process and 
interpersonal — your department and 
company need. Role definitions come 
in very handy here. 

®@ Help the employee understand his 
current skill level and desired level. 

® Coach the employee on his devel- 
opment strategies. Where appropriate, 
suggest courses or workshops. Most 
important, identify specific work activ- 
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DO IT YOURSELF 


If you’re an IT employee, managing your 
own career should be a top priority. 
Here are some simple steps to follow: 


THINK of career goals three and five years out. 
DETERMINE which roles will be available and 
which skills will be needed at your company. 
FIND a mentor. 
ASSESS your skill levels and identify 
short- and long-term development needs 
to reach your goals. 
KEEP IN MIND that developing skills takes 
time and requires small, day-to-day steps; 
start now. 
WORK on one or two skills at a time. Consider 
activities outside of work to boost your skills. 
ASK your supervisor to recommend a 
coach and a role model. 
ASK for constructive feedback from colleagues. 
REFLECT on your efforts. What worked? What 
didn't? What did you learn? Try new ideas. 

- David Putrich 


ities — a project, a committee, a spe- 
cial team, even something outside of 
work such as a volunteer activity — 
that will help. Make sure participating 
in these activities is included among 
the employee’s performance goals. 

@ Stress that skills development 
comes in small, day-to-day steps, and 
reflect that in the development plan. 
Suggest a peer who can coach the em- 
ployee, as well as a role model. 

@ Provide constructive feedback and 
encouragement as the employee makes 
changes in behavior. 

@ Encourage the employee to reflect 
on his plan and efforts: what worked, 
what didn’t and what else to try. 

Organizations that put a high priori- 
ty on employee development stay 
fresher and are more capable of chang- 
ing as business conditions require. 
Moreover, we know that challenges 
and opportunities to learn drive higher 
levels of job satisfaction, commitment 
to the organization, mental and physi- 
cal health, and life satisfaction. 

Employee development can be a 
simple process. It doesn’t need to take 
much extra time, nor does it require a 
big budget. Can you afford not to in- 
vest your time and energy in develop- 
ing your people? @ 55074 





Putrich recently retired from the central 
IT group at 3M Co., where he spent 

his last seven years working in employee 
development. He is a consultant and 

an adjunct professor at Concordia 
University in St. Paul, Minn., and Cardi- 
nal Stritch University in Edina, Minn. 
Contact him at djweb@mn.rr.com. 
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It may be getting harder to find any- 
one who still has a sense of humor 
about offshoring. On the one hand, 
executives are often fretting about 
cost savings that haven't met expec- 
tations. On the other hand, laid-off 
workers don’t 
see much to 
smile about as 
they think about 
techies in Ban- 
galore doing the - 
work they used to do, at a fraction 
the cost. A bit of whimsy is wel- 
come, and some arrived last month 
courtesy of satirist Art Buchwald. 
His June 9 column in The Washing- 
ton Post purports to be a transcrip- 
tion of a conversation with travel 


Basi M esl O)E 


agent “Tommy Cook,” who says he 
is offering outsourced vacations. 

Cook’s plan, as cooked up by 
Buchwald, is to have a local take a 
trip to some foreign destination for 
you. So, for example, a Mexican citi- 
zen will drive 
around Aztec 
ruins for you, 
and a “Chinese 
guide in Beijing 
will visit the 
Great Wall and send you pictures of 
it.” The savings come from those 
guides doing the same thing for lots 
of peopie at the same time. 

Ridiculous, of course, but a wry 
smile is hard to suppress. 

~ Jamie Eckle 


An MBA Pays 
(And So Does a Y Chromosome) 


When it comes to IT salaries, an 
MBA trumps experience, according 
to a survey of 55,000 IT workers from 
1999 to 2002. 

An MBA degree from a two-year 
program can boost a person’s 
salary by 8.2%, according to a study 
published last September by professor 
M.S. Krishnan and researcher Sunil 
Mithas of the University of Michigan's 
Stephen M. Ross School of Business. 
Meanwhile, two extra years of expe- 
rience boosted a person’s salary by 
just 2.8%. 

The study, which cuts across a vari- 
ety of job titles, including senior and 


midleve! IT managers, also found that 
women in high-tech jobs earn 
7.8% less than men with similar 
positions, educational backgrounds 
and work experience. “In general, 
whether they have an MBA or don't, 
compensation for women continues to 
trail men,” says Mithas. “We don’t come 
to the conclusion that there is discrimi- 
nation against women, just that they lag 
in earnings.” 

Across industries, Krishnan and 
Mithas found that technology firms 
pay 9.4% higher wages than non- 
tech companies. 

- Thomas Hoffman 
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Assistant 
secretary for 
information and 
Crore olen 


U.S. Department 
of Veterans Affairs 


ne Bimmer li) 

reaching out to 
disabled veterans? Probably not. 
Indeed, only recently did the VA 
itself establish a program aimed 
FMM eeme lhe eM ie lice 
including in IT. Contributing editor 
RET m tee CR Tm Le) 
Robert N. McFarland. 


Hiring injured young war veterans for VA 
jobs seems like a natural. How did this 
come about? In September 2003, the Office 
of the Assistant Secretary for Information and 
Technology [OIT] established the IT intern Pro- 
gram, which focused on recruiting and train- 
ing the next generation to lead VA's future IT 
program. Recognizing the huge success of 


this first effort, the [OIT] tasked their staff in 
September 2004 to broaden this program to 
attract young veterans and in particular young 
service-connected disabled veterans. 

In September 2004, OIT began working 
with Walter Reed Hospital to establish a part- 
nership program between VA and DOD that 
would enable disabled service members to 
gain credible work experience by volunteering 
with VA while awaiting completion of their 
discharge, a period that can take from six 
months to iwo years. 


As this program goes national, how many 
IT jobs are likely to be filled by disabled 
vets? There is no definitive answer to this 
question, as there are so many variables to 
consider; not the least is the disabled veter- 
an’s career ambitions. We cannot and do not 
promise anyone a position. 

IT positions require a variety of skill sets 
Where there are matches and/or entry-level 
positions, every effort will be made to provide 
these veterans the opportunity for these new 
career paths. 


How old is the VA IT staff? Are there a lot 
of retirements looming? Out of the almost 
5,000 IT specialists, 18% are eligible for re- 
tirement by the end of the calendar year. If 
you consider those eligible for early outs, that 
number increases to 35% of the total number 
of IT specialists. @ 55052 


Feeling Better 


According to the “2005 What's Working Survey,” conducted by Mercer Human Resource 
Consulting Inc., employee commitment and confidence are on the rise in the U.S. Mercer polled 
a representative sample of workers employed by mare than 800 companies across the U.S. 


Pe ie 
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QUICK HITS 


Offshore Realities 


Which describes your 
company’s approach to using 
offshore IT services? 


@ We're not using them and 
won't in the next 12 months. 


®@ Wehave made a commitment to off- | 


shore but are still ramping up our use. 


@ Weuse offshore resources 
whenever and wherever possible. 


® Wearen'tusing them but are 
actively tracking developments. 


@ Wehave pilot projects in place but 
haven't made a full commitment. 


@ Don'tknow. 


Base: 113 IT decision-makers at 
North American services firms 


Has your company 
realized the savings it expected 
from going offshore? 


@ Tooearlytotell 
@ Yes 


@ Savings, but not as much 
as expected 


@ Nosavings 


Savings that exceeded 
expectations: 5% 


‘—4# Don't know: 5% 
— Costs went up: 2% 


Base: 42 'T decision-makers at 
North American services firms 
using offshore providers 








SOURCE: FORRESTER RESEARCH INC 
CAMBRIDGE, MASS., JUNE 2005 





PAUL GLEN 


The Truth About 
‘Useless’ People 


VERY SO OFTEN, someone will ask me what 

to do with “nondelivery” people. The ques- 

tion goes something like this: “How do you 

deal with people who can’t execute? They 

are good at technical analysis, documenta- 
tion and strategy, but not delivery. I can’t afford them.” 

What the questioner is politely trying to ask is this: 

“What should I do with useless people?” 


It’s a question that some- 
times rubs me the wrong 
way, and I’ll try to explain 
why. Once you dig into the 
query in more detail, you 
find that it actually can 
have one of two very dis- 
tinct meanings. 

In the reasonable ver- 
sion, the questioner is ask- 
ing about a few intelligent 
and talented employees 
who are simply unable to 
finish anything. These are 
the people who are seem- 
ingly paralyzed by ambigu- 
ity and are incapable of 
moving forward until every 
possible question has been 
answered. 

Helping ambiguity-chal- 
lenged people is quite hard. When I 
have encountered them, my impres- 
sion has been that they have a deep- 
rooted emotional need for complete 
information, one that’s not easily over- 
come by repeated pleas for progress, a 
bad review or even being fired. 

The best you can do for them is to 
gently let them know that perfection 
isn’t required in the first draft of a 
piece of work and that its purpose is 
to help figure out both the best ques- 
tions to ask and the answers to those 
questions. Relieved of the burden of 
perfection, they can more easily pro- 
duce drafts. 

In my younger days, I had a tad of 





this tendency myself. I 
once worked for a project 
manager whom I ques- 
tioned almost constantly 
for the first six months we 
were together. When I quit 
the job after a year on the 
project to go back to grad- 
uate school, he took me 
aside at the farewell party. 

“J don’t understand you 

at all,” the project manager 
said. “For the first six 
months you were here, you 
were such a pain in the 
@#$. After that, we rarely 
spoke, and you became by 
far the most productive 
person on the project. 
What happened?” 

“I finally figured out 
what you wanted,” I explained. “We 
don’t see the world the same way, and 
nothing you asked for made sense to 
me, so I had to ask a million questions. 
Once I figured out what you were try- 
ing to do, I just got on with it. I didn’t 
necessarily agree with your approach, 
but that was fine with me, as long as it 
was a coherent one.” 

The question’s other possible mean- 
ing is a bit more irksome to me. In this 
version, the questioner has a few em- 
ployees who are quite talented and can 
finish their work, but they specialize 
in things that the manager doesn’t 
consider “real work.” 

These employees are the people 





who neither code nor test. They do 
the things that we learned little about 
in engineering school. They write re- 
quirements documents, design archi- 
tectures, and produce user and produc- 
tion support documentation. They ne- 
gotiate with the customers rather than 
writing code themselves, they build 
consensus about what should be done. 

Here, the questioner needs to re- 
think his conception of what useful 
work is. These people do a great deal 
of the heavy lifting that’s truly neces- 
sary on a project. If their manager 
thinks that projects can be completed 
successfully without building consen- 
sus or writing user documentation, he 
probably needs to expand his defini- 
tion of project success. 

Delivering technology isn’t our job. 
Making our organizations run smooth- 
ly and efficiently is. Technology is the 
means to that end. And if users need 
documentation to apply our technolo- 
gy, then writing that documentation is 
“real work” in my book. 

Ten years ago, I used to have these 
conversations all the time about proj- 
ect managers. Clients didn’t want to 
pay for them. Project managers didn’t 
code, so no one knew what they did. 
Clearly, they weren’t real workers. 

Luckily, this discussion about proj- 
ect managers is much rarer now. To- 
day, few would think of starting a sig- 
nificant project without one, and the 
success rate of projects is inching up- 
ward in our industry. 

Just remember, if we were to go to a 
conference of chief financial officers 
(or even of programmers), we might 
overhear someone asking a similar 
question: “What should I do about my 
CIO? I have no idea what he does. He 
doesn’t produce code, and we can’t 
afford him.” @ 55069 


WANT OUR OPINION? 


For more columns and links to our archives, go to 
www.computerworld.com/opinions 
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Software Engineer (National 
Placement out of Pittsburgh, 
PA - Multiple Positions) Analy- 


applications including system 
administration. Bachelor Deg- 
ree or equivalent in Computer 
Science, CIS, MIS or Engin- 
eering and five years related 
experience or in the alternate a 
Masters degree and three 
years of related experience or 
equivalent. Skills in EPIC 
KMATE, Java, C++, MS Ac- 
cess, Oracle and Windows 
2000 are necessary. Must be 
able to relocate to different 
client sites as needed. 9-5, 40 
hrs/wk. Please reference SE 
100-CW and Send resumes to 
Attn: HR, Women of the World 
Corporation, LLC, 5168 Camp- 
bells Run Road, Pittsburgh, PA 
15205 or email resume to 
wowcorp.com 


DBA, Oracle. Install support and 
enhance Oracle RDBMS in a 
large distributed application 
environment. Design, create, 
maintain and tune database. 
migrate / upgrade database 
(including data conversion from 
Legacy to Oracle) on various 
Oracle versions utilizing Unix 
(Sun Solaris) and Oracle DBA 
tools. Create backup and recov- 
ery schemes. Ensure the 
integrity and access security. 
Assist applications developers in 
troubleshooting problems enc- 
ountered in the development 
process. Requirements: Assoc- 
jates Degree in Computer 
Information Technology and 3 
years of experience. Resume 
to: Staffing Innovations 5120 
Shoreham PL., #100, San Diego 
CA 92122 or fax (858) 677-7794 


Systems Administrator 
to administer university 
wired/wireless networking 
system. BSCS/EE with 2 
years of related exp. in 
LAN and wireless net- 
works, Wi-Fi, VoIP imple- 
mentation, wireless/sys- 
tems security, protocols 
and Applications/Web ser- 
vers. Send resume to 
UTEP at 500 W. University 
Ave, El Paso, TX 79968, 
Attn: Andrew Pefia. Ref to 
JO#35 


IT Manager 


Crown Worldwide, Inc. seek- 
ing 1T manager in San Mar- 
cos. Manage daily IT opera- 
tions, develop management 
strategies, and direct & coor- 
dinate IT activities abroad. 
Bachelor's in Computer Sci- 
ence + 2 yrs. IT mgmt. exp 
req'd. Fluent in Russian or 
Kazakh req'd. To apply, speci- 
fy the position and send 
resumes to 400 Deertrail Dr., 
San Marcos, TX 78666 
ATTN: William R. King, or by 
fax: 512-353-4467 


Computer Specialist/Web 
Applications Developer 
with proven track record in 
applications development 
for client-server environ- 
ments to work out of our 
New Orleans office. Re- 
sumes to SAIC, 1450 
Poydras St. #1700, New 
Orleans, LA 70112, o 
www.saic.com, referencing 
job code #ARM119825 
EOE. 


IT consulting firm with HQ in 
Vermont has multiple openings 
for IT professionals to serve 
multiple clients throughout the 
U.S. Job duties include: Analy- 
sis, design, development and 
testing of computer applications 
Specific skill sets needed in. 
clude: 


+ Net developers JO-010 

+ J2EE developers JO-020 

+ Data warehousing developers 
(Cognos/informatica, Abinitio: 
Business Objects) JO-030 

+ Oracle Developers/DBA 
JO- 040 

* Siebel Developers JO-050 

+ ATG Developers JO-060 

+ Systems Administrators 
JO-070 

+ ERP Consultants - Oracle. 
PeoplesofVSAP JO-080 


Positions require either a B.S. 
degree in a related fieid and 1-2 
yrs. of exp. w/specific skili sets. 
Some entry leve! positions are 
available & require a M.S. de- 
gree & related coursework or 
exp. Some senior level positions 
are also available & require 5 
yrs. of progressive exp. Compe- 
titive salaries. Must be willing to 
travel/relocate. Send resume to 
jobs@iTechUS.com. Refer to 
specific JO# for consideration 
Applicants must have authority 
to work permanently in the U.S 


COMPUTER OPERATIONS 
MANAGER sought by IT Firm 
wiMS in Engg/Mgmt Sci + 1 yrs 
exp (alternatively co. willing to 
accept or B.S. in Engg/Mgmt 
Sci + 5 yrs exp in lieu of Master's 
degree + 1 yr exp). Pian & dvip 
policies & procedures for s/ware 
dvipmt & consulting using .Net 
tech, SQL 2000, VB; manage 
Project schedules, identify risks 
& clearly communicate them to’ 
project stakeholders, define 
problem solving & risk mitigation 
Strategies & facilitate conflict 
resolution through full project 
cycle; verify adequacy & com- 
patibility w/existing h/ware & 
siware & resolve problems of 
intent, inaccuracy & feasibility of 
oper., oversee compilation & 
analysis of project activities & 
supv workers to deliver statisti- 
cal data/reports on project's fea- 
& 


using Oracle, SQL server; eval 
trade offs between tech. & 
s/ware platforms; prep & monitor 
oper. budgets. 9a-6p. 40 hriwk 
Fax resume to DataSoft Soft 
Consul., 1 Gateway Center. 
#2600, Newark, NJ 07102 


Senior Database Administrators 
(Oracle DBA - National Place- 
ment out of Pittsburgh, PA - 
Multiple Positions). Design 
install, configuration, support. 
modeling and administration of 
Oracle Databases. Bachelor 
Degree or equivalent in Compu- 
ter Science, CIS, MIS or Engin- 
leering and five years related 
experience or in the alternate a 
Masters degree and three years 
of related experience or equiva- 
lent. Skills in Oracle 8.x/8i/9i/ 
11i, OEM, ERWIN, UNIX, PL/ 
SQL, SQL*Loader and Red Hat 
Linux Platforms are necessary. 
Certification is preferred. Must 
be able to relocate to different 
client sites as needed. 9-5, 40 
hrs/wk. Please reference DBA 
100-CW and Send resumes to 
Attn: HR, Women of the World 
Corporation, LLC, 5168 Camp- 
bells Run Road, Pittsburgh, PA 
15205 or email resume to 
|jobs@wowcorp.com 


Manhattan Associates, 
Inc., a worldwide iead- 
er in supply chain exe- 
cution systems is look- 
ing for IT professionals 
for our Atlanta, GA & 
Burlington, MA loca- 
tions. US WORKERS 
ONLY. S/W & Bus. An- 
alysts, Consultants & 
DBA. See our website: 
www.manh.com/careers/ 
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Continued from page 1 


Broadband 


The court ruled in a 6-3 vote 
that cable companies don’t 
have to let rivals offer high- 
speed Internet access over 
their lines. The majority said 
that because the law on the 
matter is ambiguous, the courts 
should defer to the authority of 
the Federal Communications 
Commission, which in 2002 
classified cable-based broad- 
band as an “information ser- 
vice” that isn’t subject to tele- 
phone network-access regula- 
tions. An appeals court had pre- 
viously ruled against the FCC. 

After the Supreme Court 
overturned the lower-court 
ruling, FCC Chairman Kevin 
Martin called for immediate 
steps to create parity for tele- 
phone companies by dropping 
the current requirements that 
they must sell access to their 
Digital Subscriber Line net- 


works to rival vendors. 
Noting that DSL and cable- 
modem technologies are used 
by many businesses for net- 
work backup and as a primary 
means of communi- 
cation by small of- 
fices, Shell said IT 
managers need more 
broadband offerings 
to expand their net- 
work choices. Using 
broadband is much 
cheaper than install- 
ing Tl connections, 
added Shell, who is 
also a vice chairman 
of the Enterprise 
Networking Tech- 
nologies Users Association 
(ENTUA) in Lake Grove, N-Y. 
George Waters, director at 
large of the TCA user group in 
Sacramento, said there isn’t 
enough broadband competi- 
tion, especially in rural mar- 
kets. “When you want to get 
service to small offices in rur- 
al areas, you’re stuck,” he said, 


TERRI STAGGS says 
Pella eleerte lets) 
access is important 
for telecommuters 
and VoIP users. 


noting his recent experience 
as a communications manager 


| for the government of Sonoma 


County, Calif., where he had to 
provision dozens of sheriffs’ 
offices. 

Likewise, Terri 
Staggs, ENTUA’s 
president and a se- 
nior telecommunica- 
tions analyst at Na- 
tional Gypsum Co. 
in Charlotte, N.C., 
said she’s worried 
that the ruling might 
make it harder for 
small Internet ser- 
vice providers to of- 
fer broadband access 
in remote areas where business- 
es can’t find other providers. 

Building out broadband ac- 
cess is important to workers 
trying to run applications 
from their homes and also will 
be vital for voice-over-IP roll- 
outs, said Staggs, whose user 
group includes members from 
more than 70 large companies. 


Several consumer groups 
urged Congress to clarify the 
laws related to broadband ac- 
cess in order to ensure that 
customers have choices, argu- 
ing that the issue will affect 
businesses as well as residen- 
tial customers. The FCC, with 
the Supreme Court’s endorse- 
ment, is creating “an oligarchy 
run by the cable and telephone 


companies,” said Ed Mierzwin- | 


ski, consumer program direc- 

tor for U.S. Public Interest Re- 

search Groups in Washington. 
In contrast, the Telecommu- 


nications Industry Association | 


(TIA) in Arlington, Va., said 
the ruling will promote the ex- 
pansion of broadband access. 
“Broadband is the new fron- 
tier, and we feel the cable and 
phone industries need to have 
{the ability] to get return on 
investment,” said Grant Seif- 
fert, vice president of external 
affairs at the TIA. 

Adi Kishore, an analyst at 
The Yankee Group in Boston, 


| agreed that the ruling means 

| customers will have fewer 
choices. But ultimately, it will 
give cable and telephone com- 
panies the incentive to invest 
in faster networks and more 
applications, Kishore said. 

Colleen Boothby, an attor- 
| ney at Washington-based 
Levine, Blaszak, Block & 
Boothby LLP who represented 
the TIA in the case, said that if 
| the ruling had gone the other 
way, any provider of network 
| services could have been sub- 
ject to regulations and associ- 
ated taxes and fees. 

But Boothby also said that 
the next steps by the FCC will 
have to be watched carefully, 
because a “duopoly” of cable 
and telephone companies isn’t 

competitive enough. @ 55345 
MORE THIS ISSUE 

says the Supreme Court's 

tuling on file-sharing networks declared 


open season on piracy, not on the 
technology itself. Page 38 





Continued from page 1 


AMD 


In its 48-page complaint, 
Sunnyvale, Calif.-based AMD 
claimed that its sales of proc- 
essors to hardware vendors 
for desktops, laptops and 
servers are being hurt by the 
use of exclusive deals and co- 
ercion on the part of Intel. 
AMD’s Japanese subsidiary 
made similar allegations of 
anticompetitive acts in a com- 
plaint filed against Intel’s 
Japanese unit in a Tokyo court. 

“Buyers have no choice but 
Intel [now],” said Roger Kay, 
an analyst at Framingham, 
Mass.-based IDC. “If they 
could pit the two together, 
they could get a better price.” 

It’s no great secret that Intel 
gives so-called market devel- 
opment funds to PC vendors 
to support marketing activities 
involving systems based on its 
chips, Kay said. But proving 
that the funding is dependent 
on maintaining an exclusive 





relationship with Intel or ful- 
filling a quota for its chips 
could require more than just 
producing evidence about 
“suspicious-looking behav- 
iors,” Kay said. 

“In a market where there is 
competition, which supplier is 
not going to offer some kind of 
benefit [to its customers] if 
they are prepared to commit 
to some kind of exclusivity?” 
said Brian Gammage, an ana- 
lyst at Gartner Inc. 

In its lawsuit, AMD listed 
nearly 40 major vendors that it 
claims have been adversely af- 
fected by Intel’s business prac- 
tices. The lawsuit contends 
that Intel used its market pow- 
er to force hardware vendors 
to limit or exclude the use of 
AMD's chips in their systems 
— a process that the lawsuit 
refers to as “knee-capping.” 

For example, Dell Inc. does 
not offer any AMD-based sys- 
tems — a fact that Dell execu- 
tives have partly attributed to 
a desire to maintain the pric- 
ing deals they get from Intel. 





IBM does use AMD’s Opteron 
processor in some of its serv- 
ers, including a blade device 
that it introduced last month. 
But IBM said then that it would 
continue to limit its marketing 
of the Opteron-based systems 


| to high-performance technical 


computing applications. 

IT managers have enough 
clout with server vendors to 
convince most of them to offer 
systems with Opteron, accord- 
ing to Charles Diamond, a 
partner at O’Melveny & My- 
ers LLP, AMD’s lead outside 


Seer eeroeseeeseseseeesenes 


FROM THE ANTITRUST LAWSUIT 
that AMD filed against Intel 





counsel on the lawsuit. 

But the same isn’t true in 
the PC market, Diamond said 
IT buyers who deal with the 
top PC vendors have only Intel- 
based products to choose 
from, he said, claiming that 


| this deprives users of options 


and drives up costs. “If that’s 
not harm to consumers, I don’t 
know what harm to con- 
sumers is,” Diamond said. 

Paul Otellini, Intel’s presi- 
dent and CEO, said in a state- 
ment that Intel officials “un- 
equivocally disagree with 


AMD’s claims” and expect the 
lawsuit to be resolved in In- 
tel’s favor. “We compete ag- 
gressively and fairly,” Otellini 
said. “This will not change.” 

In March, though, the Japan 
Fair Trade Commission ruled 
that Intel had abused its mo- 
nopoly power in that country’s 
microprocessor market. At the 
time, Intel said it disagreed 
with the findings but pledged 
to refrain from several types of 
business practices. 

But private antitrust cases 
are settled out of court 95% of 
the time, said Rod Thompson, 
an attorney at Farella Braun & 
| Martel LLP in San Francisco. 
He also noted that AMD is 
asking for a jury trial, which 
usually requires much more 
preparation time. @ 55353 


Material from the IDG News 
Service was used in this story. 


OUR TAKE 
feels a lot of disgust about 


the AMD-Intel situation. And it isn’t all 
directed at Intel. Page 14 
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Pirate Justice 


ID YOU LISTEN to the news last Monday, or read the 

papers the next day? Did you get the impression that 

the U.S. Supreme Court has declared open season on 

file-sharing networks that might be used for piracy? 

You probably did — that’s how the story was reported 
on CNN, in USA Today and by the major news services. 

They got it wrong. Backward, in fact. The Supreme Court said 
explicitly that file-sharing technology isn’t, in itself, illegal. Even if 
it is used to infringe copyrights. To put the court’s point simply: 
Technology doesn’t infringe copyrights. People infringe copyrights. 


And in the cases of Grokster and Morpheus, 
the court said the people who created those 
particular file-sharing networks were so egre- 
gious in advertising their support for illegally 
trading copyrighted material that they could be 
sued for contributing to that piracy. 

What about the file-sharing technology 
itself? Not a problem, said the justices. In fact, 
the court’s unanimous opinion starts talking 
about the benefits and legal uses of point-to- 
point networks on its very first page. 

The problem isn’t the technology, the court 
said. The problem is the mountain of evidence 
that Grokster and StreamCast Networks (the 
Morpheus people) obviously intended to sup- 
port piracy. And for that, those companies will 
have to face the music. 

It’s easy to see how news reporters got the 
story wrong, though. On one side, the music 
and movie industries were crowing about their 
great victory over file sharing. On the other 
side, IT vendors were moaning that now any 
company with technology that might be used 
illegally will live in fear of lawsuits. Reporters 
likely figured that these people knew what they 
were talking about. 

But there was no great victory 
over file sharing — just over Grok- 
ster and StreamCast. And there’s no 
cloud hanging over all new tech- 
nologies — only over companies 
that invite, encourage and support 
stealing copyrighted material. 

Music and movie companies 
should crow while they can. From 
now on, they’ll have to prove that 
a file-sharing network’s operators 
clearly intended the network to be 
used illegally. That could be tough 
with targets like Kazaa, which 





explicitly forbids swapping copyrighted materi- 
al in its click-through license agreement. 

And tech companies shouldn’t be moaning. 
They should be glad the Supreme Court under- 
stands the importance of new technologies. 

Look, these justices are setting a standard for 
the entire U.S. court system. And that standard 
is very tech-friendly — and tech-savvy. Three 
of the justices went out of their way to say that 
CD burners, digital video recorders, MP3 play- 
ers, Internet search engines and peer-to-peer 
software are all legal (and to mention that cable 
descramblers aren’t). 

In 1984, the Supreme Court ruled that Sony 
couldn’t be held liable just because the VCRs 
it sold could be misused. In fact, an estimated 
90% of VCR use was for illegal copying. But 
Sony hadn’t promoted the machines for that. So 
the court gave Sony the benefit of the doubt. 

Twenty-one years later, the court still gives 
new technologies — and the companies that 
sell them — that benefit. Why? The justices 
understand that technologies grow, change 
and mature. Early on they may be used for 
piracy, but new, legitimate uses will never be 

discovered if they’re never given 
a fair chance. 

This court understands the need 
to protect copyrights. But it’s will- 
ing to protect and nurture new 
technologies, even if they’re used 
for piracy. Just not if they’re used 
to promote piracy. 

So when you hear someone 
lamenting the Grokster decision, 
pass along the good news: The 
Supreme Court hasn’t declared 
open season on file-sharing net- 
works or any other technology. 

Just pirates. @ 55307 
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bers. My boss kept reading and, hearing nothing from 
me, assumed everything was checking out. Only when 
he got to the end did he notice | had nodded off!” 
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Got Questions About 
Enterprise Data Analytics? 


Computerworld’s IT Management Summit Has the Answers 


Beyond Business Intelligence: 
Using Enterprise Analytics to Drive 
Fact-Based Decisions 

Washington, D.C. - July 12, 2005 


Marriott Bethesda North Conference Center - 
5701 Marinelli Road - North Bethesda, Maryland 


Looking to better understand enterprise 
analytics? Apply to attend Computerworld’s 
complimentary* half-day IT Management 
Summit: Beyond Business Intelligence. 


Enterprise analytics enable companies to 
make timely fact-based decisions using 
critical information from across the entire 
organization. By fully leveraging data, 
technology, skills and processes, successful 
users of enterprise analytics go beyond 
simply understanding the past, to predicting 
outcomes that improve overall corporate 
performance. 


This summit will feature the latest insights 
of business intelligence industry experts and 
will give you first-hand information on the 
innovations and experiences of companies 
successfully deploying enterprise analytics. 


* Complimentary registration is restricted to 


qualified IT managers only. 


Apply for registration today 
Contact Chris Leger at 888-299-0155 
or visit: www.itmanagementsummit.com 


7:45am to 8:15am 


8:15am to 


‘25am 


8:25am to 8:55am 


8:55am to 9:25am 


9:25am to 10:15am 


10:15am to 10:45am 


10:45am to 11:15am 


11:15am to Noon 


Registration and Networking Breakfast 


Introduction and Overview 
Julia King, Executive Editor, Events, and Nationa 
Correspondent, Computerworld 


Trends in Enterprise Analytics: 
An Industry Analyst’s Overview 
Keith Gile, Principal Analyst, Forrester Research 


Case Study: United States Census Bureau 
Blake Sanders, Branch Chief of System Design and Suppo 
Foreign Trade Division, United States Census Bur 


How Technology is Transforming 
Business Intelligence 

Rob Stephens, Director, Technology Strategy, SAS 
Michael Tillema, Business Intelligence Strategist, Inte 


Refreshment and Networking Break 


Case Study: The Nature Conservancy 
Connor Baker, Director of Business Information 
The Nature Conservancy 
Panel Discussion - From Gut Feel to Fact-Based 
Decisions: Real-Life Business, Political and 
Technology Lessons Learned on the Front Lines 
of Enterprise Analytics 
Moderator: Julia King, Executive Editor, Events, and Nationa 
Correspondent, Computerworld 
Panelists 
- Blake Sanders, Branch Chief of System Design 
Foreign Trade Division, United States Census Bureau 
* Connor Baker, Director of Business Information 
The Nature Conservancy 
«Keith Gile, Principal Analyst, Forrester Rese 
Rob Stephens, Director, Technology Strategy, S 
‘Michael Tillema, Business Intelligence Strategist, Intel 


Program Concludes 


Exclusively sponsored by 


9sas 


The Power to Know, 


COMPUTERWORLD 


“2 TT MANAGEMENT SUMMIT 


SERIES 


Selected 
speakers include: 


Connor Baker 
Director of Business 
Information, The Nature 
Conservancy 


Blake Sanders 

Branch Chief of System Design 
and Support, Foreign Trade 
Division, United States Census 
Bureau 


Keith Gile 
Principal Analyst, 
Forrester Research 


> 


Rob Stephens 
Director, Technology Strategy, 
SAS 


Michael Tillema 
Business Intelligence Strategist, 
Intel 


+ 


Julia King 

Executive Editor, Events, and 
National Correspondent 
Computerworld 


This program will 
also take place in: 





DB2. ONLY THE PERFORMANCE IS HIGH. 


DB2 has done it again. According to a Market Magic Study, 
DB2 costs “on average 22% less than Oracle.” 


The Transaction Processing Performance Council results 
show that DB2 and eServer™ p5-595 are more than twice 
as scalable as Oracle Real Application Clusters, making 
them the overwhelming performance and scalability 
leader for TPC-C’ And an ITG study showed overall costs 
for Oracle Database up to four times higher than DB2 


No wonder DB2 is regarded as the leading database built 
on and optimized for Linux, UNIX" and Windows: Like 
other IBM database engine products such as Informix 
DB2 is part of an innovative family of 


informatior nagement products that integrates and 


and Cloudscape 


can actually add insight to your data 


It takes full advantage of your existing heterogeneous 
and open environments, while its leading-edge 
autonomic computing technology means increased 
reliability, increased programmer productivity and 
decreased deployment and management costs 


One more thing: Oracle desupported Oracle Database 8i 
last year, meaning potential headaches, higher cost or 

a complete migration to current versions of Oracle 
Fortunately, IBM offers ongoing, around-the-clock service 
and support for DB2 


Why not move up to middleware that makes sense? Now you 
can get IBM DB2 Universal Database or Informix by taking 
advantage of our extremely compelling trade-up program. 
Visit ibm.com/db2/swap today to find out if you qualify. 


(0) DEMAND BUSINESS 





